More Care for the Safety of Your Stakeholders

[insights] Posted by lemur47 on 9 August 2023

Even if you and I are not of security and privacy specialists, we can be more careful about how we treat customer and client data. The balance between your efficiency and collective care is key.

One of the things I've found most stressful and frustrating in business is the lack of awareness of security and privacy. This serious lack of care is directly related to selfishness and externalisation of responsibility.

In Japan, what's really strange to me is that agents and business owners very often use LINE, Facebook and other social media to communicate and share confidential information with others, sometimes even credentials...

In the case of agencies, they share their clients' information with candidates, such as freelance consultants, through LINE and Facebook. They ask candidates to communicate with agents via social media.

Very interestingly, they first communicate with freelancers via email (with a lot of CCing), then they ask freelancers to communicate with them via social media apps for further communication.

It's the same situation as when I used Airbnb in the Southeast Asia and some hosts forced me to use WhatsApp for further communication. If I refused, one host wouldn't reply to any messages on Airbnb, even though I had already paid for the booking.

In recent news, Wall Street firms were fined $549M by federal regulators for texting about work using employees' personal devices and messaging apps. That's not relevant to security and privacy for sovereignty and freedom, but it's worth keeping in mind.

In other recent news, Zoom is now facing another trust issue. In their terms, in the section of '10.2 Service Generated Data; Consent to Use', they state that they use generated data to train AI. So far, Zoom has faced other security issues such as misleading E2EE (end-to-end encryption) and the location risk of their R&D team.

I'm not saying that the communication via social media and video conferencing apps is bad. I'm saying that we need to be more aware of the balance between efficiency and security/privacy, not just for ourselves but for stakeholders in a wider context.

The balance is important. We don't necessarily have to be paranoid and extremely obsessed with security and privacy concerns, but the point is that we can be more careful for others. Protecting your environment and the way you work means protecting others from unnecessary risks.

If I were a strategist for a hacker group (more like a cracker group), I'd use geopolitics to exploit both the real and virtual world. Based on this, I'd build complex and interconnected tactics, such as marketing, with apps, pirate software, crypt, freemium, campaigns, open source modules and package systems, social engineering, mind control by hacking the genetic mind, using conspiracy theories and the spiritual industry, and much more.

This is just an analogy, but I believe that some determined and skilled hacker groups are using these kinds of complex strategies and tactics. If you're concerned and critical about hidden agendas and shadow governments, it's an ethical investment to protect others by being careful about how you treat the information of others.