Look before you connect – Know what data your social apps and accounts are sharing

Updated: Apr 13


Whether it was a business correspondence with your manager, or a funny meme shared with your friend, the chances are, your last communication with someone was on a social messaging app.


The ubiquity of social messaging in both personal and professional spheres means that the messages you send reveal a great deal about you and your life. For many users, it is a fine balancing act of juggling personal, corporate and public information, ensuring each piece of information never falls into the wrong hands.


Putting a lock on your data


Usually, organisations will only collect personal data that are necessary to provide the product or service, if they are situated in a country where data protection laws are in force. For social media platforms, it is up to the end user to decide whether their personal data provided voluntarily can be shared on public space or only privy to their private group of friends.


However, putting on privacy locks do not necessarily guarantee the security of private content. “There will always remain the risk of a hack into the servers where such personal data has been stored and in such a case, the otherwise ‘private’ personal data may be obtained by the perpetrator and made public,” Steve Tan, Deputy Head of Technology, Media & Telecommunications from Rajah & Tann Singapore, shared. “Hence, a cautious end user should only upload to reputable sites with good security measures or adopt the stance of being circumspect about what personal data to upload to platforms.”


Therefore earlier this year, when WhatsApp updated its terms of service announcing it reserved the right to share user data with its parent company, Facebook, a large exodus of users followed as concerned individuals switched from WhatsApp to alternative messaging platforms such as Telegram or Signal.


The fears of the general public are not unfounded, as social networking platforms like Facebook, have been increasingly becoming more commercialised with monetisation and business features. Posts from connections and followed pages are interspersed with shopping ads and suggested posts that eerily match your interests. One cannot help but wonder if social apps have been eavesdropping on your conversations and activities to gather data about you.


Trendy or shady?


More often than not, when a brand new social app emerges on the market, many would adopt it as part of the trend, only to find security loopholes later. As a precaution, Rajah & Tann Cybersecurity CEO Wong Onn Chee advises, the end user should evaluate vendor or developer’s reputation on the app store first before downloading. “Generally speaking, go for those which are trusted by many people. That being said, public trust does not indicate whether the apps are indeed secure.”


Without proper equipment and capabilities, it is usually difficult for an individual to evaluate the security of a mobile app on their own. For that, check out Rajah & Tann Cybersecurity for assistance in security assessment services.


The fine print


Although it is mandatory for apps to request for user permissions upfront for things such as location and contact lists, few have bothered reading the fine print in the terms of service and privacy policies. It is highly likely many users have unwittingly consented to sharing of “hidden” data like IP address and app usage habits to other integrated services. With such data, tech giants like Google and Facebook are able to analyse its audience demographics and inject targeted messaging into each individual’s online browsing experience.


Handling your “keys” safely


For added convenience, many apps and services allow Single-Sign-On (SSO) using social media accounts to cut down the registration process and save the hassle of remembering multiple logins and passwords. However, in the event that your social media account is compromised, services linked to the same account will be impacted as well, making your accounts more vulnerable.


One must be prepared that all content in your social media accounts could be accessed by such apps and services. “It is advisable not to link other online apps or services to your social media if you can,” said Mr Wong. “However if you do wish to link, you must be prudent not to share content, that you do not want the linked external online apps or services to know, onto your linked social media account.”


Nowadays, as most people access social apps on mobile, it is important to review your trusted device list now and then. Like keys to a house, social apps use access tokens linked to your mobile device to provide secure access to your social accounts. Avoid sharing your credentials or logging in on another phone to reduce the risk of your account being hijacked.


Likewise, Mr Wong also advises that one should keep their mobile devices ‘clean’ by refraining from installing too many disparate mobile apps such as mobile games, in the same mobile device used to access social media accounts. It is recommended to use different mobile devices for different purposes.


The rise of data privacy awareness


In the recent years with the Facebook-Cambridge Analytica scandal and rise of pandemic era contact-tracing apps by governments worldwide, greater light has been shed on the importance of personal data privacy and protection. Scrutiny from civil society forces companies and governments to be transparent with how they manage this data.


While individuals have been quick to respond to issues of data protection, the corporate world has yet to experience the same awakening. The increasing popularity of BYOD in offices, coupled with the digitisation of the workplace due to Covid-19, has resulted in a more nebulous line between personal and professional correspondences. Instant messaging apps have become indispensable as a conduit for work-related communication – research shows that more than half of office workers use messaging apps for official work correspondences. As businesses adapt to this crossover of personal and professional spheres, more of them are awarding them the same scrutiny and protection as traditional forms of business correspondence like emails. With online correspondences on the rise due to work-from-home arrangements, cyber attacks and data breaches are becoming increasingly common in the corporate realm, and can no longer be ignored.


As companies begin to understand the importance of keeping their data protected, there has been an increase in the demand for cybersecurity and digital forensics services, which go hand-in-hand in protecting companies’ data and fortifying their defences against cybercrimes. The question now is not about ‘if’ these cyber threats will surface, but about ‘when’ – and when it happens, vulnerable businesses will be disadvantaged.


Rajah and Tann Cybersecurity and Rajah & Tann Technologies provides end-to-end cybersecurity, digital forensic and other legaltech services catered for your various needs. Find out how you can protect you and your company from data breaches and cyber crimes today.

84 views0 comments