How to ensure identity protection and confidentiality?

Identity Protection and Confidentiality are the two very important concepts of the cyber world. They are majorly concerned with our privacy and security. Identity protection is necessary in order to protect ourselves from identity theft, which everyone might have heard, is happening the most nowadays. Confidentiality is one of the concepts of Information Security and in order to ensure the security of our data completely it needs to be taken care of. In this article, we will get to know what is identity protection and confidentiality, the threats associated with them and what can we do to ensure and protect them.

What is Identity Protection? 

• Identity is what makes us a unique people. As the usage of the internet is growing enormously and we are spending most of our time using the internet, we have our identities defined as a person in the online world too.
• While creating a social media account say Facebook or Instagram, our email id and password help the social media identify us as a unique person as no other person in this world can have the same email-id as us. Similarly, for us, our username and profile photo makes us get identified uniquely over the internet by our friends or other users.
• Now as we increasingly use the Internet, social media sites, our mobile phones, there comes a risk of identity theft. It is possible that someone else by some means pretends to be us and may use our personal information for personal benefits, monetary gains, revenge purposes, cyber espionage, etc. This is known as identity theft and in order to prevent it we need to have “identity protection”.

Threats to Identity Protection

Identity protection is a necessity and it can prevent identity thefts over the Internet. In fact, the need for identity protection arises due to the occurrence of identity theft. Identity theft is an unlawful act of stealing someone’s identity or personal information without their consent for personal benefits such as financial gains, fame, revenge purposes, etc. There are several types of identity theft that may occur. Some of them are given below:

• Financial identity theft: Someone might steal your identity and gain access to your bank accounts, card details and use them for their financial gains. Or they even blackmail you to pay a certain amount of money after knowing your personal information. This kind of theft is financial identity theft.
• Criminal Identity theft: Criminal identity theft is done by criminals in order to protect themselves from the police and administrative officers and also to save themselves from getting arrested. In this type of theft the criminal stoles credentials and personal information of any other person and impersonates to be him. If Hence they save themselves from being arrested whereas the other person comes in trouble and becomes the accused of the crime of what he has not done.
• Medical Identity Theft: In medical, identity theft fraudsters steals the identity of a person who is availing medical facilities online. This way he can order medicines and drugs for himself seek medical treatment, and then the bill generated goes to the actual person whose identity got stolen.
• Driver’s license theft: In this kind of theft the fraudsters steal your driving license. The driving license serves as an identity proof of a person as it contains all the important details such as your name, age, state you live in, etc. Hence fraudsters can use your driving license for taking loans, issuing credit cards, creating and open new accounts in banks, etc.
• Child identity theft: Fraudsters steal the social security number of a child and use it for gaining money from various government schemes, making several accounts, gaining scholarships money, etc. This kind of theft when occurs mostly stays unnoticed for a long time as children are actually not aware of kinds of frauds happening in and around hence it becomes easy for the fraud person to befool them and get confidential information easily.
• Tax identity theft: This kind of theft is performed when the fraudsters don’t want to pay tax. Hence is pays false tax or gains someone else’s card or net banking information and pays his own tax from other’s accounts. They send fraud SMS, or make fraud calls that appear to the victim are from the revenue department and hence ask them to click on the fraud link or give their personal information. Once the victim shares his personal and financial details, the fraudsters make the payment from their money.

What is Confidentiality? 

• Confidentiality is one of the concepts of the CIA triad which is a security model.
• Confidentiality prevents access and modification of data by unauthorized users. It ensures only the authorized users can access and modify data.
• This allows data to remain protected and secured and offers an abstraction of data as well.
• An example of confidentiality in real life is: suppose we need to withdraw some amount of money from our account. We can do so as we have the ATM pin and we are authorized to withdraw money. We cannot withdraw money from someone else’s account or nobody else can withdraw money from our account. This is what confidentiality is.
• There are several examples of confidentiality over the Internet. An educational website will have a different login for educators and a different login for students. Google Classroom allows students to access lecture notes uploaded by the teacher, and submit an assignment, whereas the teachers can view the assignments, create deadlines for submission, and also can see the scores of students. It happens in this manner because students are authorized to access lecture notes and submit assignments whereas they are not authorized to view their scores and hence they cannot do so.

Threats to Confidentiality 

There exist many threats to confidentiality. Some of them are discussed below-

• Eavesdropping attack: Eavesdropping means secretly listening to someone’s personal conversation without their consent. From this conversation, the attacker gains confidential information and uses it for their own benefit. Eavesdropping occurs in various forms such as mobile phone eavesdropping, physical eavesdropping, etc.
• Man-in-the-middle attack: Man-in-the-middle attack usually occurs over unsecured networks. In this attack, the data packets transferred over the network from sender to receiver are received by the hacker in between them. The hacker can then read the message and extract out useful information for them. He may even manipulate the message and send that manipulated message to the receiver in order to spread hatred or many other reasons. The useful information extracted is then used by the hacker for personal benefits, blackmailing purposes, etc.
• Cracking of encryption: When confidential information is shared over the internet, it is done in encrypted form. In order to decrypt the message, one needs to know the encryption key or decrypt the encrypted message. The attackers use various kinds of encryption cracking tools or their intelligence to guess the encryption key or decrypting the message by understanding the psychology of the person who sends the message. If they become successful in doing so, confidentiality is affected. This is known as cracking of encryption
• Call Tracking: The attackers can track your phone calls made by the use of the Internet by gaining unauthorized access to VOIP ( Voice over Internet Protocol). They may use this information to track the details of who do you call and when, and may overhear your conversation and gain useful information from it.
• Data Mining: In this type of attacks information of a person is stolen from different databases and then combined to get some useful information. This information is then misused by the attacker or fraud person for his personal gains.

How to ensure identity protection and confidentiality?

In order to ensure identity protection and confidentiality, there are certain things we can do or certain precautions we can take. Some of them are given below:

• Be on a secure network: One of the ways someone can steal your personal information is by getting hold of your network. Always make sure you are using a safe network or password protect your network. There are many types of attacks such as DOS(denial of service), man-in-the-middle attack, etc which attackers do in order to steal your personal and confidential information. Hence using a secure network should be your first priority.
• Make use of a Strong Password: Nowadays almost all sites ask users to create an account in order to ensure security on them. So we need to have many passwords and also we need to remember them. However, most people use the same password for all accounts or make such passwords that can be easily guessed. We should not do so. Always make a strong password. A strong password is one that consists of at least 8 characters consisting of lowercase, uppercase numbers, and special symbols. Also, we can make use of password managers such as “KeePassX”, “Clipperz”, “Password gorilla” etc that manage and store passwords online or locally.
• Preventing Phishing attacks: Phishing is a kind of social engineering attack in which attackers try to lure users and then collect their sensitive information. It is similar to luring a fish with a bait that is why it is called phishing. We should be aware and vigilant while using the Internet. We should not respond to fraud mails, visit fake websites or fall into fake schemes or offers.
• Learn what to share and what not: Often we people share everything on our social media accounts in order to gain followers, or seek the attention of other users, to gain popularity or outshine others. But we should not do so. As we value our privacy in real life so should we value it over social media too. We should not share every minute information on our social media because the attackers or fraud persons may stalk us and use it for their benefit. We should try not to share our personal information and only share things to an extent that may not cause any harm to us.
• Use two factor authentication: Two factor authentication makes use of two different factors for authenticating the user. If a user needs to access his account he should enter the user name and password and then enter a secret code or OTP(One Time Password) which he would have received on his e-mail or phone number. This adds and ensures an additional layer of security while accessing the data over the internet. Also, we should make payments only if we know that the payment gateway uses 2FA.
• Accessing Secure Websites: One should always access secure websites which are “https” secured. Sites or links that use “https” are secured and ensure the security of data across the network whereas links or sites using only “http” are at risk of being attacked by fraudsters, hackers, or attackers.
• Make use of encryption: If you are sharing confidential, sensitive, or personal information over the Internet makes sure to use encryption. Encryption is a way to ensure that only an authorized person can access data. For example, if you want to send a confidential file to your friend you may generate an encryption key that will be known to you and your friend only and encrypt your file with that key. Or you can even hide the contents of the file in an image by some means and then share that image over the internet. Also, you can make use of encryption tools such as “openkeychain”, “KeepassDriod”, “MiniKeePass” etc provide you software or hardware form of encryption.
• Update your software as well as PC: Make sure that your phone’s software or windows PC has the latest version installed. Never use older versions of software and applications as they possess security risks. The older or outdated versions of software can easily be hacked by attackers and hackers.
• Avoid using public WIFI  and Public Computers: One should only use secured wifi’s. Public wifi’s possess greatest risks to security. Also, we should try to prevent the usage of public computers such as computers in cafes. These computers may save all your personal information. Even if we want to access public computers we should do it in the guest mode so that information gets saved on them.
• Educate yourself: You should learn about various kinds of cybercrime happening and what should we do in order to prevent them and stay safe. You should study cyber security and adopt safety measures while using the Internet. Also, you should educate others about this too.

Sample Problem

Question 1: What is identity theft?

Solution:

Identity theft is an unlawful act of stealing someone’s identity or personal information without their consent for personal benefits such as financial gains, fame, revenge purposes, etc.

Question 2: What is Confidentiality?

Solution:

Confidentiality prevents access and modification of data by unauthorized users. It ensures that only the authorized users can access and modify data. 

Question 3: What is a password manager? Name some of them.

Solution:

A password manager is a software that allows users to generate, store and manage passwords online or locally. Some of the password managers are- KeePassX, Clipperz, Password Gorilla, etc.

Question 4: Mention some threats to confidentiality.

Solution:

Some threats to confidentiality are eavesdropping attacks, malicious insiders, a man in the middle, cracking of encryption, etc. 

Question 5: Mention one way to ensure identity protection.

Solution:

One way to ensure identity protection is by making use of a strong password. A strong password is one that consists of at least 8 characters consisting of lowercase, uppercase numbers, and special symbols.