April 11, 2022

Data Privacy: Don’t let the pandemic loosen your guard

By Barry Cook, Data Protection Officer, VFS Global

No doubt, growing awareness of data privacy has enhanced how people take care of their personal information. But there are times when we tend to drop our guard, and mostly these are phases when we are anxious.

As many Nigerians have received vaccines, it is common practice to carry vaccine certificates on smartphones forgetting that having such sensitive information on smartphones puts them at high risk for misuse as fears of rejected access might overpower the sensible things to do. And although vaccine regulated access control is not common in Nigeria, we will likely see this trend start and the challenge for digital users is to be aware of these and other vulnerabilities in such settings.

Vaccine certificates, as we know, contain sensitive personal information such as a person’s name, date of birth, age, and gender. Given that an individual’s date of birth is commonly regarded as personally identifiable information (PII) in many countries, it exposes a large population to risks of identity thefts and other kinds of cyber frauds. Rising cybercrime statistics prove that such unprotected data can be easily hacked into or accessed through a Wi-Fi or Bluetooth connection automatically picked up by your phones.

Also, flaunting vaccination statuses to social networks is a new fad amplifying these risks. Many citizens have felt the need to declare their vaccination updates on social media feeds and help in raising awareness due to governments aggressively rolling out immunisation drives. Social media timelines are flooded with digital copies of COVID vaccine certificates in many cases.

It’s imperative not to get blinded by the comforts brought into our lives with the evolution of digital technology. Our growing dependence on online products and services exposes us further to security threats and privacy breaches. These risks assume greater relevance, considering the exponential rate at which personal data storage on cloud services have grown during the pandemic. In 2021, the worldwide end-user spending on public cloud services grew 18.4% to $304.9 billion, forecasted a Gartner report. However, have we been able to ramp up our data-security measures at par with these changes? Perhaps not because businesses did not foresee this scale of digitalisation and hence never felt the need to shift gears.

Users worldwide fell prey to cybercrime, and common trends included ransomware attacks, devices with proprietary operating systems witnessing increased vulnerabilities, android spreading malware and an increase in potentially unwanted applications. As per the 2020 state of malware report, the period between January – December 2020 saw a 565% spike in malware detections. Spyware app detections at the same time grew by 1,055%. The pandemic also created new challenges to online privacy.

Governments across the globe find themselves at crossroads. Finding a middle in their endeavour to safeguard citizen privacy and digital contact tracing of the virus is probably the greatest challenge. At a recent public hearing, data protection experts warned a UK parliamentary committee about the perils of exposing critical health data of large populations to private sector players.

Device vaccination is as important

Patch updates or security updates periodically sent out by mobile manufacturers can shield your phones from potential breaches.  Manufacturers recommend that patch updates be set to automatic to update and protect your devices automatically. Much like how the COVID -19 vaccination does not guarantee 100% protection, device vaccination also goes only so far, but it does mean one should not attempt to safeguard their devices.

The most effective step is to be careful while using your devices and not click on the “OK” button or link when random pop-ups appear on the screen. Being attentive and mindful can avert most attacks and prevent one from becoming part of the chain of compromise. Conventional thinking cyber experts advocate making physical copies of vaccine certificates or other documents that carry an individual’s PII over digital copies to minimise risks.