Don’t say your personal information out loud: cyber security expert

Amid a number of recent ransomware and cyberattacks on retailers and government agencies in B.C., some people think it’s time we stop talking out loud in public places like the pharmacy or doctor’s office.

A popular thread on Reddit asks why people continue to announce their personal information, like name, address, birth date, and illness out loud in a room full of strangers at a time when stealing personal information is so prevalent.

The thread is titled, “Can we stop having people say their personal contact info and sensitive symptoms out loud in walk-in clinics??” and it’s posted on the r/britishcolumbia page.

“Just watched an episode of Criminal Minds where a stalker finds out where his target lived by standing near the pharmacy pickup line,” commented user H_G_Bells.

byu/Emotional-Ad-6494 from discussion

“When I overhear someone’s address, phone, and name, I just think to myself ‘I could literally call all of the big 5 banks right now and get access to this person’s money,” added user kooks-only.

“I hand them my driver’s license. Not interested in telling my info out loud. If I’m new to a medical clinic, there’s generally a form to fill out. If not, ask for a pen & paper to write it down. It’s awful the questions they expect you to share,” said user icy-editor8069.

byu/Emotional-Ad-6494 from discussion

Robert Falzon is the head of engineering at Check Point Software Technologies, a cyber security company.

He says it doesn’t make a lot of sense to say everything out loud.

“In many cases, you can actually call ahead to the pharmacy and you can make sure they have your information on file prior to you arriving there and when you arrive, you can simply give them your name and they should be able to have a policy in effect that they can, just from that information, be able to identify you.”

Falzon adds you can hand them your driver’s license, health-care card, write your information on a piece of paper and slip that across, or type it out on your phone and show that them to them, but you are not required to say it out loud.

He also warns against using other ways to sign in when you have an appointment or have to pick up a prescription.

“QR codes can be very effective, but QR codes can also be manipulated, they can be stolen, they’re easy to duplicate and share. It creates a potentially new problem,” explained Falzon. “Make sure you’re not sharing anything that’s not necessary. Don’t offer additional information that’s not required.”

However, “Perhaps it’s some sort of signal that you send from your device or what have you, but yes, you should be able to share that information without verbally communicating it in a public space.

“Perhaps we might see a resurgence of things involving blockchain, for example. Blockchain is a mechanism that folks can use to sign information, creates a certificate, if you will. One user can say, ‘Here’s some data,’ you would look at it and be able to compare the data with the key I provided you and that key will only fit if you’re talking to me.”

He stresses the issue isn’t just with saying your information out loud. It’s with your phone and laptop, as well.

“Your phone is probably the single most vulnerable piece of equipment that you own. I still see people who don’t even have so much as a password on their phone to open it up. But yet, this is the portal to your entire life … so make sure you use some sort of encryption,” he said.

“Even things like using public Wi-Fi, at a coffee shop, for example. Talking to a friend or doing a business call, all of these things that we would generally take for granted, we didn’t realize there was such a risk. Now we’re seeing that many of these technologies, especially as they age, are becoming vulnerable with some of these types of attacks.”

Falzon believes cyberattacks and ransomware are only going to become more common.

“The attacks are becoming far more sophisticated. Organizations, as a whole, need to pay more attention to their security, in general. Budgets will have to increase. Individuals will have to become more aware of what personal risk they face with this stuff. For example, AI and ChatGPT, you don’t need to be a knowledgeable cybersecurity expert to be able to create a rudimentary attack using some of these tools, because the tools do all the work for you.”

Over the past six weeks, details have been released about a ransomware attack on London Drugs, which the retailer continues to recover from, a cyberattack that hit B.C. government systems, and a cyberattack on the First Nations Health Authority (FNHA). Those all surfaced as money started being handed out to people affected by the LifeLabs cyberattack in 2019 — the company recently settled a class-action lawsuit for just under $10 million.