Smart device security: My possessions in the information age
- Estonian Safer Internet Centre
Veiko Hani, training provider at Eduring, deconstructs the commonly-accepted notion that a smart device is not really valuable, and that losing it is not very damageable, to increase awareness about the paramount importance of online safety and data protection.
"We often consume and create information without taking note of it. Our smart devices are constantly online, which means there is a permanent data bridge between the device and base stations. We capture our surroundings in photos and videos and upload them to clouds. We express our opinions on social media and communicate with others. All of these activities and many others leave traces.
"Our contacts are one phone call or messenger text away. Staying in touch has never been easier. But just like during the industrial revolution, today's new solutions can be used to fulfil both noble and malicious aims. Technology undoubtedly makes resource intensive processes (data exchange, automation) easier and speeds them up but if these devices end up in the hands of ill-intentioned people, they can also be used to spread false information or damage systems (network, power stations).
"Citizens of the information age need to be conscious of the digital dangers and know how to protect themselves and others from these harms. Additionally, we as parents and teachers are role models who show our kids how to be aware of threats. We notice malicious or lazy uses of computers and smart devices and react!
"Preventing these situations and informing students of smart device dangers is just as important, so we need to become more aware of being safe and implement safety measures every day.
"I'm inviting you to ponder the subject of smart device (here I primarily mean smartphones and tablets) security with me.
What do I have on my smart device?
"At first glance, it might seem that there is nothing really valuable. This creates a false sense of security – I have nothing to lose. Let's take a wallet and a smart device and compare the damage losing them to someone ill-intentioned would do.
"Comparing the contents of a wallet to that of a smart device, it often appears that the latter is much more valuable.
|Package containing important valuables||Wallet - costs a few dozens euros.|| |
Smart device - costs a few hundred euros.
|Money||There usually isn't a lot of cash in wallets, e.g. 10–50 euros. Debit cards hopefully come without personal identification numbers and passwords.||There is no cash but it might contain access to bank accounts, credit cards or information assets.|
|Important (sensitive) data||Usually wallets contain no sensitive data but they might provide access to sensitive data (ID card, access cards) and sometimes user names, passwords and personal identification numbers.|| Access to social networking sites. |
Depending on the user's awareness, their accounts might contain personal data, including that of the people in the conversation.
Contains location and navigation data, sometimes user names and passwords.
|Pictures, videos||Some photos of your close ones without names.|| Access to all of the user's pictures and videos, also to friends' data in the network. |
Pictures of your (home) belongings may also contain GPS coordinates.
|Documents, access keys||Driver's licence, ID card, debit card, loyal customer cards, access cards. Receipts, invoices.||Allows people to access many accounts and the contents of the smart device.|
|Contacts||Some phone numbers, addresses, business cards.||Hundreds of phone and social media contacts.|
"We usually know how to handle our wallets because we are aware of what they contain and what we might lose. We know bank and access cards have to be closed off to avoid more serious damage, we know how to get this message across to our kids. When a wallet with documents is lost, you should focus on restoring all of its contents, this takes time and money. But usually losing a wallet doesn't mean losing your reputation.
"It is not that clean cut with smart devices. The following questions arise:
- What was on the smart device?
- Have you made copies of its contents? What contacts, pictures and documents did it contain?
- Could someone access these contents? Is your screen lock safe? What happens if someone makes it past the lock and reads your data off the phone?
- What can be deduced from the data (pictures, videos, contacts, location data, employer documents, and so on) on your device?
- Which accounts can the stranger access? Once you have logged on to the smart device, many applications do not ask passwords anymore.
- Whose data besides yours can the stranger access? The villain might obtain your identity and squeeze out important information from, for example, your company. They will also see the posts of your social media contacts.
- How might they damage your reputation by pretending to be you?
- Could they use these data against you or your employer or to embezzle? Stealing, robbery, extortion, manipulation.
- What should you do, knowing that your personal data are in the hands of someone else who might exploit them?
- What paid services might the villain order from your account?
- Can you still log on to your mail account or have they already changed the passwords?
"These are questions that must be answered before using a smart device. You also have to explain to your kids that your own information assets and those of others should never end up with strangers.
"You can see from the table that in both cases, sloppy storage of (information) assets can result in remarkable damage:
- loss of time and money due to physically losing your wallet or device;
- damages concerning data leakage, villains getting a hold of access data;
- damages concerning data leakage, villains publishing data;
- loss of time and money due to losing data;
- loss of time and money from restoring data;
- possibly damaged reputation from data leakage.
"Losing your smart device and it ending up with someone ill-intentioned is only one possible scenario. There are security concerns that come with everyday use too.
"Hopefully you grabbed your device and checked how you have set things up. If you didn't already, do it now. As teachers and parents, we serve as huge examples to our children."
Find out more information about the work of the Estonian Safer Internet Centre (SIC) generally, including its awareness raising, hotline and youth participation services, or find similar information for Safer Internet Centres throughout Europe.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of the Better Internet for Kids Portal, European Schoolnet, the European Commission or any related organisations or parties.
With the EU's data protection reform measures coming into force imminently, INHOPE - the International Association of Internet Hotlines - discusses the differences between the new General Data Protection Regulation (GDPR) and Data Protection Directive with special reference to hotlines within the wider Safer Internet Centre (SIC) context. Read on to find out more.
- BIK Team
Data Protection Day (or Data Privacy Day, as it is known outside of Europe) is a global, annual celebration marking the anniversary of the signing of the Council of Europe's Convention 108, the first legally binding international treaty dealing with privacy and data protection, on 28 January 1981. In line with this, in April 2006, the Committee of Ministers of the Council of Europe launched Data Protection Day, celebrated ever since on 28 January.