In order to reduce the likelihood of becoming a cyber crime statistic just ask yourself a couple of questions.
I was recently discussing with West Mercia Police the current state of cyber security awareness amongst the general public. West Mercia, like many other Police forces are currently undertaking an outreach campaign of education and online crime prevention. The two highly experienced officers I spoke with were very open on how much work there is to do in order to help the public understand that they are at risk.
As ‘traditional’ crime falls, online crime is soaring. The ONS recently published figures stating that 6,000,000 crimes were committed in the UK last year that related to cyber crime or online fraud. That means we are now living in an era where 1 in 10 people have suffered at the hands of cyber criminals.
If crime prevention and public awareness schemes are to work, like they have done in the past, the issue needs to be made as simple as possible. This isn’t because I think that the public cannot understand complexity, but simple things are just easier to remember. With that in mind I have attempted to distill down online crime prevention to two simple words: ‘Privacy & Trust’. That’s all.
To expand ‘Privacy & Trust’ just a little bit, it is in fact two simple questions:
“What information do you wish to keep private?” and
“Who do you trust with personal details about your life?”
If the public can keep those two questions in mind when they are doing any online activity, then they can reduce their chances of being another crime statistic.
Taking Privacy to start with, we all naturally like to keep elements of our life private. This does not mean we have anything to hide, but our own judgement has determined that some information is of nobody else’s business but ours. When applying this to online behaviour consider for a moment that you only have to provide the minimum level of information necessary in order to obtain the product or service you require? Much of the data requested is to obtain a greater understanding of you as a consumer and your behaviour, so that companies can quite legitimately cross sell you additional products or services that may be of interest to you. Only provide what you need to provide, the rest keep private.
As for Trust, again when doing any form of online activity that requires you to hand over personal data, it is perfectly legitimate to ask – “Do I trust this company, this service, or this website?”. If you don’t then don’t use it. Find an alternative from a company you do trust. Listen to that little voice inside of you that says “I don’t feel good about this” and not to the usual louder voice that says “I need this, and I need it now, I’m sure it’s safe”
Remember those two questions and slowly but surely you can start taking more control of what information you provide and to whom. But what about the information that is already out there about you? Has that cyber ship sailed? No, not at all, if you want to know what information a company holds on you – just ask them.
You can use a tool called a ‘Subject Access Request’, which is created by section 7 of the Data Protection Act. This is a simple letter that you can send to a company that you have had, or have, dealings with and ask for a copy of the data they hold on you. They have a legal obligation to respond within 40 days. This can be any company that is bound by the Data Protection Act, which is pretty much everybody, including ex employers, businesses or the government.
Once you have this information you can decide if it is accurate, if it requires changing, or if you no longer believe that this company requires it you can ask for it to be removed. For example if you registered for a catalogue from ‘Joes Sofa Company’ 3 years ago and have not purchased anything from them then get removed from that data base. Remember if they get hacked and lose data, your details go out into the deep dark web for an unscrupulous individual to scour in order to determine if there is any value there.
Why not write out a list of all those companies or organisations you have regular dealings with, you’d be surprised that it probably doesn’t number more than a couple of dozen and over a period of time contact them all. Find out what they know about you and decide if you want to keep any of that private, and if you actually trust these suppliers. If you don’t then get removed, this is no different to asking BT to make you ‘ex directory’ back in the days before we all got connected.
This all may sound like an attempt to get worms back into a can, but this beneficial change in digital behaviour is no different to eating healthy or taking more exercise in the physical world. And if you are not going to do it now, then when? Wait until you have been a victim of crime and then do it? That’s that same attitude as waiting until you have had a heart attack before giving up chips.
Data about you, belongs to you, companies and organisations are just custodians of it. If you want them to have only the minimum data needed to provide you with service and keep the remainder private, then you can. If you don’t trust them for whatever reason, then get your data removed. The less data there is about you out there, the less chance you have of becoming a victim of crime. Do you want to become a victim of cybercrime? You don’t have to tell me; you can keep that private.