Page 55 - the SyI Quarterly 15
P. 55
The other control is to prevent bulk extraction. A database may only be searched for single
records as part of a normal business process. Again a firewall in front of the database, e.g.
an SQL proxy, could whitelist the commands that can be used and prevent file transfer
or extracts of the database being taken. Specific controls that prevent extraction of data
and data mining is the best method for ensuring malicious code, hackers and staff cannot
take copies of the dataset or perform searches on inappropriate search terms including
wildcards.
The last aspect is people who do not realise they are sharing their lives. This is especially
true when some social media sites change their terms and conditions and open up privacy
settings. I no longer have accounts on certain social media sites, as they now ‘own all
photographs posted on xxxx’. They also twice removed the privacy settings so that my
information was exposed until I added the privacy controls again.
Millions of people still do not realise that their information is public. Even simple things like
putting too much detail in a CV uploaded to job sites can be a bad thing. It does not take
much for a criminal to open an account as a potential employer and browse CVs, which can
include full names, address, contact details and so on…. Or for your boss to find out you are
looking for a new job. It is vital that people think about what information they are putting on
the Internet and why.
A short CV with an email address and note that a full version is available on request is all
that is needed on job sites. Searching for medical websites and certain information should
be done with caution, including ensuring the browser is set to do not track. I would suggest
using a different web browser in incognito mode for sensitive sites, one that does not share
cookies or cache with your main browser and preferably uses a VPN via another country.
If you look after the computers for children and family members (that may be adults, but
new to the Internet), its best to ensure that their computer has a full Internet security
package, which includes parental controls. Configure this for them to prevent personal
information being exposed and prevent access to blacklisted websites. Though this will not
solve every issue it will certainly help to protect the naïve from themselves.
As storage gets cheaper, processing power increases exponentially and the Internet
becomes more pervasive in everyone’s lives, the data mining issue will just get worse.
Criminals are going to follow the money online. They are going to target people for identity
theft, blackmail and worse. Private investigators and investigative journalists are going to
use those massive data sources to their benefit and marketing will become even more
accurate and targeted, even down to your current location. AI is going to compound this
issue significantly over the next few years.
However, this does not have to be as bad as it sounds; fear, uncertainty and doubt can be
just as bad, as they prevent you making full use of the advantages offered by the Internet.
Simple tricks can help like never using exactly the same password across multiple sites, but
rather using a formulae that’s easy to remember such as “website+constant”. Personally I
also do not put accurate data in to websites unless they are Government, Bank or need it
for my benefit. It’s amazing how many sites ask for your data of birth and mother’s maiden
name, even changing your DoB by a couple of days on these sites will stop it being used
against you or matching in a search.
If you protect your personal data, as you would in the real world, and minimise where your
personal data is exposed and stored on third party databases, you can enjoy the Internet
with minimal risk.
55
