Innocently providing your name at your local coffee shop is just an example of how easy it can be for miscreants to cut through the ‘privacy’ of social media accounts, says Carey van Vlaanderen, CEO at ESET South Africa.
When Starbucks introduced personalising the coffee shop experience by writing their customer’s name on their coffee cups people felt violated. Why on earth would a coffee chain want to know your name?
Once coffee drinkers came around to the idea that the baristas were demanding their names, then began a wave of uproar across social media to those whose names were spelt incorrectly. Admittedly, it would increase the queue length if each time you were asked how to spell your name. There is a theory that this misspelling is on purpose so people will turn to social media with a photo of their branded coffee cup to complain about their barista not knowing how to spell whatever ‘straightforward’ name they possess.
Once you have given your name to the barista (and any prying ears in the queue), you are giving away something very personal to unknown entities. It might not feel that significant at the time as you wait for your latte but giving away anything personally identifiable could ultimately be used against you.
Starbucks don’t ask for ID, so should we think of a pseudonym or a code word instead?
How would a name possibly give away so much detail you may wonder? Imagine you see a man accompanied by a laptop and personalised coffee cup. He opens his laptop and signs in and then you see a company logo physically on his laptop and as the desktop background. You can’t read every word, but you know the company well enough to recognise it. Now, add it to the fact you have his first name, you can then start your open source research on him.
You have a name and a company and within minutes Google can reveal his full name no the companies ‘About’ page, complete with head shot and bio. If you go to LinkedIn you can locate his career history, and possibly also his personal email, twitter handle and hobbies. If you switch to Twitter, you can locate contacts, family connections, and even children’s names. You move to Facebook to his wife’s open profile, and it continues.
Many people may possibly be thinking “who cares?” or “what can a hacker really do with my information?”. This attitude is what is getting many people into trouble with their cybersecurity. Whilst banks are reducing how often they refund such instances, the problem will only increase. Hackers can and will make your life a misery using targeted attacks.
Even if you are sitting thinking that your security is fool proof, what information is given away by your family and how good is their security? If your partner’s email got hacked and you received an email from him or her asking a relatively normal question like “what’s our banking password again, darling?” would you be tempted to respond or would flashing lights and alarm bells go off?
How do we overcome this issue? And how long before the banks don’t even chase any of the money that has been unfortunately swindled?
Awareness training has limitations and e-learning rarely benefits a company, so the answer lies fundamentally in shifting culture. Making people aware is one thing but making them better is another. For example, we all know not to reuse a password, but so many people take that risk every single day.
People don’t change easily, and when people don’t care about the issue, it makes it harder to persuade them not to fall into potential pitfalls. Companies who make it a compulsory to use a unique password and authenticator app to sign in, would soon give their data and networks a stronger defence.
Inevitably, there will be an immediate outcry from and torrent of angry tweets by inconvenienced customers. However, if people don’t change by choice, making security mandatory will soon make their companies and their customers much safer, without having to worry about splashing our data on our personalised coffee cups.