Dubai: Dubai-based Clint Arnold is on Google, looking for a local antique furniture shop. Needless to say, he instantly gets a number of options to explore. Later that evening, when he is on Facebook, he is surprised to see two furniture showroom ads with just the kind of stuff he wanted pop up on his home page.
Elsewhere, another resident, Sheela, decides to attend a property show from her home country, India. To gain entry into the event, she must fill up an online form at the venue. She thinks nothing of it as she hurriedly keys in the details. Ever since, she has been getting a number of text messages, even overseas calls from developers in Mumbai where she hails from.
“I don’t know how they get my contact. I’ve never made any direct enquiries with them,” she said.
The answer is that there are no coincidences.
Under the radar
Mohammad Ameen Hasbini, senior security researcher at the cybersecurity major Kaspersky Lab, told Gulf News: “Algorithmic profiling is a common form of big data analytics that businesses use to understand consumers and their online behaviour.
Through a variety of collected datasets, analysts can merge and study information to find more complex targets. Automated algorithms work in the background and remain under the radar to gather users’ data. At any given time, people visiting a site or using an app have no idea that the technology is categorising them based on their actions.”
- Ameen Hasbini | Kaspersky Lab
In other words, without your knowledge, you can be tracked and your personal details fed into a data bank that can be shared with anyone for the asking, should there be a breach of confidentiality.
Hasbini said nothing illustrates this better than the recent data breach at Facebook globally or at a car booking service within the UAE. “The Facebook security incident affected almost 29 million users. Cambridge Analytica received user data including names, dates of birth, interests, photos and friend lists without the users’ consent or knowledge.
- Dr Richard Ford | Forcepoint
Back in April, a car booking service in Dubai also admitted to a breach that compromised the personal data of 14 million customers. However, they stated later that they didn’t find evidence of fraud or misuse related to this incident.”
Dr Richard Ford, chief scientist at Forcepoint, said such breaches illustrate a fundamental truth of the new digital economy. “When I share my personal data with a company, I am putting my trust in your ability to protect that data adequately. Users need to continually evaluate the type of data they share and the potential impact a breach of that data could cause, to become an active participant in protecting their own online identities.”
What the implications are
As Reda Hegazy, senior legal adviser and arbitrator at Al Suwaidi & Company Advocates & Legal Consultants, pointed out: “Many of our daily dealings to avail services require the disclosure of our personal information with different service providers, without any guarantee against misuse.”
But what does the law say? Hegazy said: “In the UAE now, we do not have a specific law that protects people’s personal data. But there are several UAE laws that maybe applied in this context, like the Cyber Crimes Law for misuse/abuse of electronic information, Civil Code for wrongful act against another person’s privacy rights and the Penal Code which penalises a perpetrator who accesses another person’s data information and discloses it without consent. A victim may file a criminal complaint to investigate the violation. The police has a special division to investigate cybercrime offences.”
- Reda Hegazy | Lawyer
Implications of sharing information in public places using public networks can be serious.
“Once you connect your mobile phone or laptop using a public or unsafe network, which could be at a coffee shop, mall or airport, there is a possible danger that your device can be hacked, with your data being copied and used to log in to your bank account, Facebook account or other personal accounts.”
Hasbini agrees. “Users need to exercise caution when it comes to revealing too much data about themselves online and keep in mind that any information, no matter how insignificant, can be misused. Much like you wouldn’t tell a passer-by on the street your home address and number, you need to take responsibility for the security of your private details and not assume it is secure and untouchable within a website or application.The consequences of being negligent could be serious.”
Giving an example, he said, “Many people think that posting a picture of a boarding pass to social networks is a great way to brag, when it could also be the first step to a nightmare. The simplest way this data can be used against you is that criminals can find out when you leave and return, based on the booking number. Without realising it, you have provided valuable insight for burglars or car thieves to break into your home or steal your car.”
Tips to protect your personal data
Ameen Hasbini, senior security researcher at the cybersecurity major Kaspersky Lab, says keeping your passwords, financial and other personal information safe and protected from intruders is crucial. “People nowadays live in a digital-first society and share huge amounts of data every day, without even realising it. But that value is intangible until someone asks what it is worth, takes it away or holds it for ransom.”
Here are a few tips you can follow to stay safe and protect your online privacy:
■ Always do a check on the security settings of every social network you use. Scammers, who gather users’ private data, can use any personal information for fraudulent activities.
■ Secure your primary email which is tied to the majority of your online accounts, such as banking services and other important sites.
■ Be careful when you post any scans and photos online, especially when it comes to IDs, tickets and billing documents. Criminals can misuse this information or steal your personal data, like banking credentials.
■ Don’t use open WiFi networks. They may appear to be secure; however, cybercriminals can create a similar network, with only a laptop and Wi-Fi adapter and steal logins and passwords of users.
■ Avoid unreliable passwords. If you use weak combinations, which consist of letters only, you are not protected at all. Also, try not to use the same passwords for different accounts.
In figures
51% of respondents from UAE agree loss of data would be a disaster
YET
73% are unconcerned about the risks they may face, says a survey
