Why We Should Take Privacy & Security Seriously???

Hello everyone,

I hope all of you are fit and fine. Nowadays most of the peoples are filling COVID vaccine form and posting it directly on social media is a trend. Where private information like citizenship, contact number etc. are disclosed publicly on the internet. I know privacy and security is a new topic for a country like Nepal. So I decided why not share what I understand and why Privacy and security matters. Is it a really serious topic?

I also saw most of the time if someone’s found citizenship, passport, license etc document he/she directly post in the social media without hiding or blurring their private information.

Why it matters? Does privacy matter?

Personally identifiable information (PII) is any data that can be used to identify a specific individual. Social Security numbers, mailing or email address, and phone numbers have most commonly been considered PII, but technology has expanded the scope of PII considerably. It can include an IP address, login IDs, social media posts, or digital images. Geolocation, biometric, and behavioural data can also be classified as PII.

So where it can be used to misused our data?

Yes, this data leads to find more information directly and indirectly. Where it can be misused in the following places:

  • We make our citizenship/passport/license etc. documents one time and it will be forever. And if it leaked it can not be changed. (Like our father’s name mother’s name, date of birth, birthplace which can not be changed it will remain forever.) So we need especial take care of it before it leaks.
  • If we post citizenship/passport or any documents malicious use can documents in fraud activities one good example can be used to buying new sim card using that sim card in fraud activities.
  • If we just post with citizenship number, passport number, date of birth. Using date information a malicious actor can use that information to bypass the mechanism.
  • Like if a malicious user accidentally get your username and password then try to login in from unknown location or device many of social media like Google, Facebook and some of banking account asks dob, citizenship number to verify if you really try to login or not.
  • So we should be very careful before we post our private information publicly.

According to GDPR for especially severe violations, listed in Art. 83(5) GDPR, the fine framework can be up to 20 million euros.

Yahoo had paid a $35 million penalty to settle charges related to the data breach. Where names, email addresses, telephone numbers, dates of birth, hashed passwords etc are leaked.

Advice from my side:

  • Don’t post this kind of information/documents publicly which discloses our private information.
  • If you want to post, please blur the sensitive information like citizenship number, passport number, date of birth etc. so using that information malicious can not misuse.
  • Don’t publicly allow your full date of birth on Facebook or other social media.
  • Use a different email for different purposes.
  • Use all the available security mechanisms like Two Factor Authentication(2FA).
  • Use the different password in different social accounts.
  • Completely remove the phone number after you don’t use it.

Thank you so much for your time to reading my article.

Also, I am thankful to Nirmal Dahal dai for proofreading.

If this article seems informative don’t forget to share this article with your friends, family and circle. #StaySafe #StaySecure

Connect with me on:

Twitter: https://twitter.com/bishal0x01

Instagram: https://www.instagram.com/bishal0x01/

YouTube: https://www.youtube.com/therbishal

References:

https://gdpr-info.eu/issues/fines-penalties/

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Bishal Shrestha

Bishal Shrestha

Learner || Appsec || Bug Bounty Hunter || Bugcrowd MVP Q3 2020