I’m Dale and I work in the information Security team. To support Cyber Security Awareness Month, my colleagues have written a few posts to help you keep your data and accounts safe, and your home devices too. 

Now I’ve pulled together some useful information for you to consider when sharing your own, and Co-op’s information, to make sure it stays safe and doesn’t fall into the wrong hands:

1. Protect your privacy

Lots of us use social media to keep in touch with friends, family and share things that we want people to see. At Co-op we use social media to connect with our customers and members, and we have colleague Facebook and Twitter accounts so you can stay up to date and connect with other colleagues too.

The important thing to remember is that nothing you post on social media is private, no matter what your privacy settings, so you need to be careful what information you post online. You should never post:

  • Where you live
  • Photos that identify where you live, work, car registration plates or computer screens
  • Contact information like an email address or phone number
  • Your date of birth. While we all love a happy birthday post, this combined with other information makes it easier for fraudsters to commit identity theft, spam you or try other scams

2. Watch out for metadata

When sharing pictures or files you may be sharing more than you’re aware of, so always check what data could be stored or tracked by third party apps – does the app really need your location data? If not, say no.

There’s also lots of information you don’t see behind photos and files that you share, called metadata. It can reveal information like:

  • The name of the person who created the file
  • The network user ID of the last person to edit the file
  • The location coordinates where a picture was taken

Here are some handy guides to removing metadata from Office documents and from photographs.

3. Check before sharing Co-op data

Trust is important to us at Co-op. We trust our colleagues not to share commercially sensitive or personal information about our customers, members or colleagues on social media.  But many of us need to share information outside of Co-op as part of our job. So it’s important that you:

  • Only access/share or send personal information if you have a business need to do so, and this is agreed by your manager
  • Check with the Information Security team that the supplier’s passed our supplier assessment process, before sharing any information with them
  • Recognise personal information. This could be obvious things (name, address, age, bank details), less obvious things (online identity, photograph, location data) or sensitive things (health, religion, sexual orientation). All this information needs handling properly, so check with your manager or GDPR rep if you’re not sure what that means
  • Know how to password protect or encrypt personal information when sharing it outside the Co-op by email. Ask your manager or email my team, if you’re unsure how to do this

Like to know more?

We’re here to help, so if you have any questions, feel free to get in touch with us at: askinformationsecurity@coop.co.uk 

Dale Upton
Information Security Policy and Standards Specialist

Join the conversation! 4 Comments

  1. We really should consider whether we want to remain on Facebook at all.

    It has turned into a platform that does nothing effective to prevent hate speak, electoral fraud and fake news.

    It’s arguably a threat to democracy.

    Cambridge Analytica was the tip of the iceberg – they weren’t the first, and that sort of activity hasn’t stopped.

  2. A few things to keep in mind:
    LinkedIn is often the first point of call for hackers trying to learn more about staff in a company they want to target.
    Professional bodies quite often publish details of their members but there is also usually an option to reduce the amount of details or to remain hidden if you look.
    Data from running or cycling apps is often shared online but this can often show home addresses.
    Your details are available in the open version of the Electoral Roll unless you tick the box on the form to ask for them not to be.
    There are free tools available to hackers to automatically gather data on members of a company that they can then use to craft phishing emails.

    This isn’t about everyone being terrified of the internet (don’t be, it is a great resource and an important part of modern life) but, just as we lock our front door and shut our windows to make it harder for petty thieves, making sure we don’t unintentionally share information that can put us at risk is part of those basic, common sense measures that we need to take to stay safe online.

  3. Interesting article – food for thought

Comments are closed.

Category

IT

Tags

, ,