Security vs. Convenience: Examining the Threats to Information and Privacy

In today’s fast-paced and hyperconnected world, convenience often outweighs security, especially when it comes to conducting transactions on mobile phones. Filipinos are spoiled for choice when it comes to free public WiFi, and many do not hesitate to connect to unsecured networks, unmindful of the security risks that come with them.

“There are many digital conveniences that we take advantage of, either to save money or time. This can lead to practices that can endanger our data and privacy—people not regularly changing their passwords, transactions that don’t come with an additional step for validation of purchase, and, riskier than most, connecting to unsecured WiFi networks commonly found in many public spaces,” said BPI’s Data Protection Officer and Enterprise Information Security
Officer Jonathan John B. Paz.

Why You Should Think Twice Before Using Free WiFi
The widespread availability of free WiFi has contributed to the increased threat of cyber-attacks. A quick search on the Internet shows numerous videos and tutorials showing hackers how to
take advantage of public WiFi networks—some videos even have millions of views. Even as cyber-attacks have become a common concern in the Philippines, not a lot of people are still aware that there are real risks in cyber fraud or having their information stolen.

One of the most common cyber-attacks people should be wary of is called “man-in-the-middle,” where hackers redirect connections from the free network to their own fake websites, making users think that they’re sending their private information to the legitimate website. For example, when users access their bank account through the bank’s website, the information is instead sent to the hacker, rather than to the bank.

Another method is known as “Evil Twin,” where hackers mask their computers to imitate a free WiFi network. Users think they are accessing secure pages, but the Evil Twin computer monitors and views email passwords and bank information, should the user access those
pages.

Paz noted, “Though it depends on how free WiFi networks are set up, it’s definitely much safer to err on the side of caution and expect that these networks are not secure. To protect your data
and prevent yourself from becoming a victim of cyber-attacks, it’s best to wait to carry out your transactions for a later time when you’re using a secure Internet connection.”

Necessary Steps to Security To secure their clients’ data, many banks and other institutions have adopted Advanced Authentication, a more rigorous method of authenticating a user’s identity. This method requires a password, and a second step that asks a user to verify the transaction with a second factor device — most often, the user’s mobile phone, through One Time Passwords (OTPs). OTPs are unlike typical passwords, which are static. They are unique for every transaction.

“This feature, which may be viewed by some as contrary to the conveniences afforded by online and mobile transactions, was put in place for additional protection for users. However, OTPs are not fool-proof and still rely on the practices of the user. Protecting data is something that we need to work on together — both the bank and its clients,” said Paz. “Convenience and security don’t usually mix. To have more security usually means additional checks and additional effort.”

It’s a delicate balance, but with the rapid developments in technology, consumers may soon
have both. In the meantime, it’s best to be careful, or at least know the risks.