Skip to content

Information Security and Privacy

green security lock

In my previous blog, I covered several important information security topics for church/parish staff and volunteers. Today, I want to help you help your congregation and parishioners recognize their vulnerability to information sharing and what they can do to improve their privacy and security. This is so that you, your church/parish staff, volunteers, and members will be better prepared to withstand the digital “vacuuming” that goes on constantly.

I’ve had friends, family and colleagues tell me, “Why should I be concerned about privacy, I have nothing to hide!”  The truth is, your personal information is just that — personal. When, how, and with whom you share it should be your choice. In this digital age of speed and convenience, however, we willingly and regularly give away our personal information without a thought. Marketers, sales people, data aggregators, data resellers, the government — all these entities and more seek your information (also called Open Source Intelligence or “OSInt”) so as to create a “digital footprint” about you.

The following chart is a sobering look at just how many vendors and sites are collecting, cataloging, and sharing your information:

As a result, more and more of your information is beyond your control. We give away our location and associated activity all the time. How many of you have seen this pop up when browsing the internet?

Because we want the convenience and features of all these sites to work, we typically press “Allow” without giving it a second thought. Data analytics firm Domo estimates that in 2019, Americans used 4,416,720 gigabytes (thats 4,416,720,000,000,000 bytes) of internet data including 188,000,000 emails, 18,100,000 texts and 4,497,420 Google searches every single minute.

So what can you do to limit data collection? First, you must know where and how we’re giving it away…

Types of Data Collection

  • Social media: Facebook, Amazon, TikTok, Discord, Reddit, Snap, Twitter, WhatsApp, and YouTube all engage in collecting your data about you personally, your system use, and what other sites you visit. It has gotten so pervasive that the Federal Trade Commission has ordered these companies to provide information to the FTC on how they use your personal data.
  • Smart devices and the Internet of Things (IoT): Who’s watching your security cameras, smart toasters, NEST thermostats, garage door openers, etc.? The answer is everybody! Using Shodan.io, the browser of the IoT, you can find all kinds of devices that are internet connected, (and many times not using a password) or using the default vendor-provided (and well known) password.
  • Web sites: Almost all web sites attempt to track your location and collect information about your browsing history, your computer, and several other settings in your web browser
  • Search engines: Google knows a scary amount of information about you.  Oh, and since Google owns YouTube, it knows what videos you like to watch too. The other major search engines, such as Yahoo, Bing, and Ask, also perform click-tracking and data collection.

It’s not too late to do something about it. Start training your staff and congregation on these steps to control your information…

Control Data Collection

  • Limit or turn off geolocation on your phone (here are instructions for Android and iPhone). This can prevent apps that use your location data from functioning properly on your device. You can shut off location services for individual apps.
  • Social media privacy and security settings* can be adjusted for off-network sharing (which can result in ads from Amazon showing up in your feed based on your searches) and other data sharing and tracking. Check out these links for Facebook, Twitter, Snapchat, Instagram, Pinterest, and Linkedin for more information about managing your settings for these social media platforms.
  • Change the privacy and data sharing settings on your smart devices. Does your toaster really need to send that data to the vendor? In addition, change the default password on all smart devices!
  • Web browsers now incorporate an incognito (or inprivate) mode to discourage advertisers from turning search queries into targeted advertising. However, I recommend the Ghostery add-on to keep web trackers and third-party ad cookies from making their way into your browsing sessions. Once you run it, you’ll be amazed at all the tracking activity it blocks. It does this without hindering your browsing experience at all. Search for “Ghostery” in your browser and it will lead you through the steps to install it.
  • Search engines are a useful tool, but they can collect and track your information — here’s more information on limiting what Google collects and shares. Several search engines advertise they don’t track your search activity. Yippy, DuckDuckGo and Startpage are among the most popular.

It takes time and effort, but you can be in control of your information and break the cycle of unregulated data collection.

* Of course, the best way to protect your information through social media is to not use social media.


Resources:

  • Check out who lives there.
  • Find all kinds of IoT devices…probably without passwords enabled.
  • See how OSInt works.
  • Learn more about the Federal Trade Commission’s resource on data privacy.
  • Interested in learning more? The open source framework is a handy tool to explore the open source intelligence (OSInt) ecosystem. The framework links to several hundred web sites all devoted to an aspect of OSInt and is easily navigated.

Read More:

Information Security for Staff and Volunteers

Leave a Reply

Your email address will not be published. Required fields are marked *