Personal data: a potential gold mine for the wrong people

New research has uncovered some interesting home truths about our personal data habits. Here, two cybersecurity experts unpack the findings and share some advice on keeping our data secure.

Written: Sep 2020

Reading Time: 4 minutes

What is personal data? Simply put, it’s what we collectively term all those bits and pieces of information that can eventually lead to the identification of an individual. This can be something as simple as your name or your home address, location data on your phone, your computer’s IP address, or a cookie ID.

Curious about what the future holds? Check out Telenor’s Tech Trends

As you probably noticed, the protection of personal data is something of a hot topic right now, and rightly so. Dangers related to cyber criminality, election manipulation, and intrusion on privacy rights are just some of the ways conversations around personal data find their way into the news. The SmartLife survey, conducted recently by Telenor Research in Asia and the Nordics, has lifted the lid on some interesting details about people’s willingness to share personal data. How, though, can be sure we’re putting our security first when we decide to share our information? We sat down with two of our security experts Alisa Mujanic and Peter Ottis to discuss the findings and grab some pro cybersecurity tips we can use in our everyday.

Alisa Mujanic, Business Security Officer, and Peter Ottis, Security Intelligence Analyst, are both working in the Business Security unit at Telenor Group.

Educate yourself: Get free access to online security awareness program!

According to the survey results, young people are more inclined to share their credit card number with their mobile provider. Should people in general be more restrictive about this?

“It’s important to remember that credit card numbers are sensitive information that should only be shared with companies or websites you trust. Hackers frequently go after websites and accounts that can expose large amounts of credit cards. If obtained, they often sell the credit card information to others, create a counterfeit card, or buy items that can easily be resold,” says Mujanic.

How can I better detect and protect against credit card fraud?

“Firstly, I would advise to always closely monitor your bank and credit accounts, as you’ll be able to swiftly react to any charges or bills paid that you didn’t make or authorise. Secondly, don’t register any credit card information before you’ve performed a background check of the company or the website. Also, see if your credit card vendor has apps that can be configured to send a message every time the card is used. That can be a useful fraud detector.”

The study also finds that people are more willing to share personal data when a security purpose is stated, like sharing facial recognition data. How do you interpret this in light of current cybersecurity trends?

“Hopefully this indicates that people are becoming more aware of the importance of security and how security threats may affect them, which is very positive. Security-aware people play a crucial part in building up cyber resiliency. However, people need to be aware that biometric data like facial recognition also is vulnerable to hacking, as hackers are finding new ways to spoof the system. Also, since your biometric features are permanent, so is the damage in the case of a hack. As opposed to a breached password, there is no reset button to recreate a new biometric feature,” Ottis explains.

“Cyber-crime, in general, is one of the fastest-growing criminal activities and is overtaking traditional crime across several countries,” says Alisa Mujanic, Business Security Officer in Telenor Group.

Have you heard about defendable architecture before? Well, it’s crucial to our digital safety

Another takeaway from the study is that respondents in Asia are notably more willing to share location data with their mobile operator than their Nordic counterparts. What are the risks concerning sharing location data?

“Mobile location data tells the story of your life. Knowing when you woke up, which bus you took to work, who you met for lunch, and so on. If insufficiently anonymised, cyber criminals can use this data to identify you, track your movements in real time, and spear-phish you based on the information. In a spear-phishing attack, hackers usually send the victim an e-mail containing a malicious link or attachment while pretending to be from a legitimate and trusted source,” says Ottis.

Mujanic adds:

“For example, if the attacker knows that you work out at a certain gym every Tuesday, and sends you an e-mail based on this pretending to be from your local gym, it is a much higher likelihood that you will perceive the email as genuine. Remember that your personal and corporate life are intertwined online, so a hacker may use private information such as your location data to spear-phish your work accounts.”

How can I safeguard my location data in the best possible way?

“The most important thing you can do is to get an overview of which apps on your phone request your location data. You may be surprised by the result. Many apps that request your location, like weather, social media, or local news apps, often work just fine without it. When you provide access to location data, make sure to enable this on a case-by-case basis and not 24/7. If you want to have food delivered to your location, the app only needs to know your location when you order, not the rest of the week,” Ottis informs.

Read more about our public policy position on cybersecurity