technology podcast

How to Protect Your Digital Data? The Dangers of Cyberspace

In today’s digital landscape, protecting your personal information is more critical than ever. Cyber threats like spoofing and spear-phishing are on the rise, targeting unsuspecting individuals and organizations. In this article, with the help of a technology expert, we delve into the concept of social engineering, highlight the risks of using public Wi-Fi hotspots, and offer practical tips to safeguard your data. Empower yourself with these essential strategies how to keep your digital life secure by reading our article!

The development of new technologies, most of which are already operating using artificial intelligence, is undoubtedly a favorable and beneficial phenomenon. Modern tools help us not just at work but in regular activities as well. Employed not only by marketing or engineering teams to analyze data and refine code but also by homeowners to control the lighting and choose a movie for the evening, tech solutions are already an indispensable part of everyday life. However, it would be negligent to say that technological evolution does not carry threats. Like all advancements, this one has already been widely exploited by offenders seeking to extort our sensitive data. Cyberattacks, including malware and phishing, which can be done using spoofing, can target individuals, businesses, and even governments. So how can we protect ourselves from such attacks?

Phishing attacks have become increasingly advanced in recent years, using high technology to get individuals and organizations to reveal sensitive information. Cybercriminals often employ techniques such as spoofing or spear-phishing. Spoofing can be done through various means, such as emails, websites, and even phone calls. Email spoofing takes place when hackers create and send messages that appear to come from credible sources. Phone spoofing (also known as caller ID spoofing) involves falsifying the information transmitted to the caller ID display. Scammers can make it appear as though the call is coming from a familiar, added number, such as a bank or even a family member. Such a type of attack is also called a “man-in-the‑middle attack” since there is someone who wants to get in the middle between the user and some system to steal the data. Altering the communication between two persons and controlling messages between them to make victims believe that they are directly communicating with each other is only one of the techniques possible. This tactic is used to gain the victim’s trust and prompt them to take actions that could compromise their personal information and financial security.

Spear-phishing means targeting specific individuals, using their personal information to create convincing messages. In addition, attackers use social engineering tactics through social media platforms, persuading users to click on malicious links or download harmful attachments. Developments in artificial intelligence and machine learning have further exacerbated this problem, enabling the creation of highly personalized phishing campaigns that are difficult to distinguish from genuine mailings. AI, for example, can analyze vast amounts of data to identify potential targets and customize messages that will increase the likelihood of the attack being successful. As a result, individuals and organizations must remain vigilant, employ solid security measures, and educate themselves on the latest phishing tactics to protect their data effectively.

How to keep your data secure tells Bartosz Czerwiński, a guest on the Smart City Navigators podcast. Former CTO at Naviparking and co-founder at Shaped Thoughts tells us what lies behind the phrase “social engineering”, what we can do to increase our online safety, and what entrepreneurs should do to ensure the company’s security.

🖋️ What is social engineering?

Social engineering is a broad term focusing on using psychological methods to convince people to do certain things; it’s all about tricking. It is a set of methods and techniques that can be used to make people do what you want them to do. (...) It’s about talking to someone, sending them a message, or doing something that will actually guide the victim towards the desired activity that the perpetrator wants them to perform to get to the target, explains Bartosz Czerwiński.

The expert notes that this very concept is not a novelty. Kevin Mitnick used social engineering techniques in the late '80s and throughout the early '90s to carry out cyberattacks. He managed to obtain secure information and passwords which he then used to get access to the systems; he achieved his goals not by hacking the systems themselves, but precisely the people.  
Today it is the same mechanism, and it’s not even fully digital still. Many times, even this year, I was facing a situation where I received a phone call from someone who said “I’m an employee of a bank,” the bank I do have an account in, so that sounded quite safe to me, admits Czerwiński. This person was trying to pass me a message and because this message was sensitive, which was the next thing that made it sound important, they wanted to ask me a few verification questions (...). You can easily fall into a trap. (...) You answer a few questions and then in the next few days you receive a notification from your real bank saying that they received a request for a loan, he remarks.

Perpetrators can also gather information straight from our social media. Nowadays, people are posting pictures of their pets on Facebook groups, pictures with family members from vacation on Instagram, and feeding algorithms with data that is a very vulnerable asset. The co-founder of Shaped Thoughts proves that it is not difficult to identify who we are or find bits and pieces of information about where we live or what we like:

Many platforms have this mechanism of retrieving passwords so that when you lose access, you can reset the password by answering a security question. Many of those questions, suggested by default, are about simple things like “What is the name of your pet?” or “What is the color of your car?”. They are simple because the answer has to be simple to remember. And then anyone can easily find the answer to that on the web, on our social media, and use it to access our account, proves Bartosz Czerwiński.

🪪 How to protect data?

No matter if you are an individual who just wants to use the latest technology tools or a company that builds great software, you have to be aware of security as a topic, an area that requires awareness and investments.

Bartosz Czerwiński, co-founder at Shaped Thoughts
As new cyberattack methods continue to emerge, it is highly difficult for an internet user to guard against them. Bartosz Czerwiński gives the most essential ways to increase the security of our data:

➡️ Use multi-factor authentication.  It is something that not every system has already implemented, however, I guess that in the next few years, it’ll be a standard because just a password and a username are not sufficient. When you access your account from a new device, for example, the system detects it and wants you to give the second factor which can be a one‑time password or some kind of a security code.

➡️ Do not trust your device.  The first thing to be aware of is that by default you cannot trust your device. Basically, anything can happen even though you may be super aware and secure in terms of what not to click, what not to open, and what messages not to read. However, you can give your device to anyone, your friend or a child, and say, “Play around, there is a new game I just downloaded, you can use it.” And then, in that game, there is an advertisement that this person clicks and it navigates them towards a malicious website that will download malicious software and then you're done.  
➡️ Stay vigilant. If you receive a message about the package that you expect, and you see that they ask you to do something about this package, you can easily fall into a trap. You have to be cautious and read it carefully. Because most often, as we live in Poland, companies you can use to order a package will communicate with you in Polish. If there’s a hacker group outside of Poland, they most likely don’t know Polish and will send you a message that is translated into Polish via Google Translate or any other service, and the language won’t be good. So be aware of those little signs showing that something is wrong.  
➡️ Use anti-malware software. It’s good to have something installed on your device, even on a mobile phone. Making sure that there is something that is actually looking towards activities that may harm you or your device is a very good practice because this software was designed to protect you after all.   There are also other simple steps¹ you may take to maximize the safety of your device.  
➡️ Keep your operating system or internet browser up to date. It is the goal of cybercriminals to find vulnerabilities in software before companies can patch them. Updating your software regularly protects you from data breaches.

➡️ Make a backup. Cyberattacks can encrypt or delete your data. Having a backup ensures you can restore your information. For businesses, data backups are essential to maintain operations during and after an attack which minimizes downtime and helps in quickly resuming normal activities.

💻 Public hotspot security

In public places, we often wirelessly connect to the internet–at McDonald’s, in a shopping mall, or on the train. How dangerous is it to use hotspots?   Anything that is in public is unsafe by definition, especially when you access an unsecured network because many of them don’t even use encryption. When you connect to a hotspot, you see on your computer whether it is a secured or unsecured network, which means whether the transmission between your device and a hotspot is encrypted. When it is not encrypted, the risk of being hacked is even higher, says Bartosz Czerwiński. 

So does using an unsecured network mean we are not protected at all?   Of course, we have an additional layer of security, we can talk about the encryption of the data being sent between your browser and the server. For instance, when you connect to your email provider or online transaction service from your bank, those companies do offer TLS or an SSL type of security, which ensures the traffic between the server and the end user is encrypted. Then, if you are connected to a public hotspot without encryption, with the encryption that your provider guarantees you will be much safer. However, although one cannot easily read the data, they can see the transmission that is happening, the expert notes.  
In public hotspots, if you want to do some browsing, read some news, that’s pretty much okay. But do not perform any activities in that network that involve sensitive data. For instance, if you want to do a money transfer, that is pretty unsecure. It may not even be the hacker that is trying to connect to your device and steal the data, but it may also be a person standing behind you and looking at your keyboard, points out Bartosz Czerwiński.

🔏 Data protection in companies

The weakest link in a security system is a human being, says former CTO at Naviparking. One of the things that may sound pretty simple is to make the users and employees of the company aware of the security procedures, security mechanisms that are implemented, of the potential security threats, and threats that actually happen. This awareness, which also includes training the staff, training engineers how to write code so it’s secure, for example, this is something that should be essentially present in a company, he emphasizes.   
Hiring professionals who can perform security audits, check the infrastructure, or check applications and products that are being built is important as well, adds the expert. Even if you have super-skilled developers, rarely are they skilled in security. It is a trade that requires a lot of learning, a lot of effort to understand how systems work top-down. This difficulty also lies in the fact that every day, many new threats are coming and you need to stay up to date. You can hire a security engineer or a chief security officer who will make sure the company is abiding by certain rules and standards, and who will make sure periodic security scans are being performed. This is a continuous, multi-dimensional process.
In addition to the need for continuous monitoring of network, data, and software security, researchers² also mention the necessity of reasonable granting of admin privileges and file access based on actual employees' needs.

Safeguarding your digital data requires a multi-faceted approach. By staying vigilant against phishing attempts, understanding the tactics of social engineering, and implementing security measures, you can significantly reduce the risk of data breaches. Always be cautious when using public hotspots, as they are often unsecured and can expose your data to potential threats. For companies, it is crucial to establish comprehensive data protection policies, conduct regular security audits, and educate employees about best practices. By taking these proactive steps, both individuals and organizations can more effectively protect their valuable digital information in an increasingly connected world.

If you want to learn more, listen to the conversation with Bartosz Czerwiński on our Smart City Navigators podcast:
And if you prefer, you can also listen to the episode on Spotify.
Listen to the podcast on Spotify
¹ Protect Your Personal Information and Data. (2021). Federal Trade Commission Consumer Advice. https://consumer.ftc.gov/articles/protect-your-personal-information-and-data#network
² Porter, A. (2022). What Is File Security? 5 Best Practices. BigID. https://bigid.com/blog/what-is-file‑security/
social engineering, digital safety, spoofing, spear-phishing
Joanna Nowak
Junior Content Writer
Junior Content Writer

See more similar posts

01––03
technology

How Can B2B Companies Prepare for the Economic Crisis Using Modern Technology?

When the economic landscape faces unprecedented challenges, B2B companies must harness modern technology to thrive. Adapting to the changing economic circumstances requires a blend of agility, innovation, and strategic thinking. Whether it is about preparing for its arrival or dealing with the crisis itself, when it comes to innovation, modern technology enters the scene. Explore with us actionable pathways for B2B growth during crises, where analytics, optimization, and remote work play a critical role.
Read more
technology podcast

Artificial Intelligence: How to Harness Its Potential?

In the times when artificial intelligence (AI) is rapidly transforming our world, understanding its potential and practical applications is more crucial than ever. From the development of sophisticated algorithms to the everyday tools we rely on, such as Google Translate and DALL-E, artificial intelligence is becoming an indispensable part of our reality. This article delves into the evolution of AI, explores the tools that enhance our productivity, and features an insightful interview with a media and technology expert on how to effectively use the power of Chat GPT. Do join us as we uncover how to harness the full potential of AI and navigate the future it promises.
Read more
digitization

What Is the Internet of Things and How Is It Entering the Daily Lives of B2B Companies and Customers?

The Internet of Things refers to a network of physical devices embedded with sensors, software, and network connectivity. These devices collect and share data, bridging the gap between the digital and physical worlds. From smart home devices to large‑scale applications like disaster monitoring, IoT has become an integral part of our society. In this article, we explore how IoT impacts B2B companies and customers, driving innovation and operational efficiency.
Read more
View all posts