PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives from the Campus”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, channels his inner Ray Kinsella from the movie “Field of Dreams” and takes us through the process of data harvesting and why cybercriminals are drawn to our data, not unlike those baseball players in the film found their way to a ball diamond in the middle of an Iowa cornfield.

But unlike ole Ray, David discusses some steps you can take to make sure these scammers are kept out of the game and help keep your data and critical systems to stay protected.  

By David Dungan

Data harvesting is the process of collecting an individual’s data from a given source. The data being collected can come from a variety of sources, everything from websites and Application Programming Interface (API) requests, to social media and/or public records. In some cases, it can be done without the consent or knowledge of the users. The most common data that is harvested includes personal information like names, home addresses, email addresses, passwords, and even financial information.

Two Sides of the Same Coin

While data harvesting sounds like your data is being stolen, fortunately, the opposite is usually true.

There are many cases where data harvesting is done in a way that’s permissible. Some legitimate reasons companies or other entities might employ data harvesting practices include marketing, research, and methods for improving a user’s experience. The scope and extent of legitimate data harvesting is often outlined in the terms of service for an app or a website.

Meanwhile, the other side of data harvesting involves the more malicious methods that we hear about, where bad actors are looking to steal and collect information for personal gain. Similar to the legitimate entities we just mentioned, these malicious actors harvest the same data in similar ways, except that they use the information for other purposes, such as identity theft and they make spam calls and send out fraudulent emails and text messages.  And they make their money by selling the information on the dark web.

Data Harvesting Mediums and Tools – How It’s Done

In order to more clearly understand how data harvesting works, it is important to know about the different tools and mediums that both legitimate companies and malicious actors use to acquire data.

• The current leading trend in data harvesting is the use of bot collectors or web scrapers which are specialized and rely on automated software programs that are created to collect data from different sources such as websites, databases, etc.
• Another popular form of data harvesting is through the use of surveys, such as questionnaires, telephone calls, interviews, or focus groups, which are used by research groups/institutions as a fast way to collect data from a targeted demographic or group.
• Some other methods for harvesting data include specialized software like malware or spyware, selling/trading of data, app privacy and permissions, Internet of Things (IoT) devices, phishing, and fake Wi-Fi networks.

Ways to Protect Against Data Harvesting

With so many different avenues that data harvesters – on both sides of the Internet – can use to collect our data, it may feel, at times, overwhelming to try and protect against it. Fear not, as there are some actions that everyday users can do to protect against being a part of the online data farm.

Among the steps you can take includes:

• Reviewing privacy settings for web browsers and apps
• Using a Virtual Private Network (VPN) while browsing online
• Denying any unnecessary cookies when visiting websites
• Being sure to read closely the “Terms of Service” to understand how and where data is being collected, used, and stored
• Minimizing the amount of information that you post online

Data harvesting is not going away anytime soon. It has become an established business within the digital world. However, by taking proactive measures, thinking before we post, and always being alert, we can stay ahead of data collecting entities. These actions may not stop your information from being harvested, but it will decrease the amount and the quality of information that is being collected about you.

In doing so, you will be able to rest a little easier knowing you are more in control of your personal data than before. And maybe with baseball season just around the corner, you’ll have time to take in a game or have a catch!