Is Your Personal Data Leaking from Your “Digital Exhaust”?
Synchronization Services Provide Convenience, but Also Risk
Written by Stan Kiefer
It’s easy to take for granted how convenient technology has become.
As we switch between devices, our calendars, emails, notes, photos and other information follow us – always keeping us up-to-date. Your messages follow you from your personal phone to your work computer and then back at the end of the day.
However, there can be a downside to all this convenience. The very reason your devices can do such things may put your personal data at risk in ways you may not realize.
Your Digital Exhaust
As you travel through the internet, you leave a data trail behind you – something known as “digital exhaust.”
Companies like Apple and Google have built services into their products that allow important pieces of data you may use multiple times a day to follow you from device to device. These synchronization services are built into the popular technologies Apple iCloud® and Google Chrome®. They’re the reason you can keep items such as your bookmarks or iMessages synchronized between all the devices you use them on.
The Cyber Security Services research team at Symantec, owner of Norton LifeLock recently performed a deep analysis of these two services, and we found a few potential areas of concern. Before we go into the details, it’s important to note that synchronization services from Apple iCloud and Google Chrome operate effectively as designed. The security concerns we are highlighting come from the tradeoff we make by using these services for the convenience and efficiencies they provide to us.
Risks of Synchronization
How could these security concerns affect you?
Let’s say you are working on a new project at work. You store some notes about the project in your Notes app on your corporate Mac® computer, which is using your personal iCloud account. When you leave for the day, you shut off your computer.
What you don’t realize is you may have already put that highly confidential data at risk.
Because of the synchronization service, the data you stored in the Notes application on your work computer was also automatically stored in your home computer Notes application. In fact, the data was in your home before you were.
This poses potential risks. Since home networks generally have less security than company networks, cyber criminals may have an easier time accessing it. Inadvertently syncing the data onto your home computer may also violate your company’s policies.
The data replication goes the other way as well – from your personal device to your work computer. Imagine that you stored some personal medical information on your smartphone using your personal iCloud account. If you use the same account for your work computer, the information will be stored on your company network. That means your company might see some of your personal information that you prefer to keep private.
The security concerns from synchronization aren’t always insidious, though. Say you were doing research for a trip to the Bahamas to surprise your spouse for your anniversary. You carefully did this research at work during your lunch hour so there was no chance of your spouse getting wind of the trip. Or so you thought. However, if your family has a shared device, like an iPad, your spouse could come across notes you took at work that were replicated onto your home device.
How to Reduce Your Risk
The point isn’t to stop using synchronization services, since they do make our lives easier. However, you should realize the risk they carry, so you can use the services in a way that allows you to protect your most sensitive data while getting the maximum benefit of these convenience services. Consider the following ways to keep your data more secure:
- Keep Info Separate. Do not use your personal Google (Gmail) or iCloud accounts on your work computer and vice versa.
- Don’t Be a Borrower. Use your account only on machines and networks you trust; don’t use them on borrowed devices that you cannot factory reset after use.
- Should You Fill Up? Turn off the feature in Chrome or Safari that automatically fills forms.
- Turn On or Turn Off. Switch off synchronization capabilities on devices that you do not wish to store data on or share data from.
We live in a fast-paced world, and we’ve become used to the idea of being able to access any information we want at any time from any device. It’s important to understand the security risk that comes with this modern level of convenience.
You’ll never be able to eliminate your entire digital exhaust. However, you can keep some of your most sensitive information from spewing out of the tailpipe.
Interested in learning more? Download the full white paper “Privacy in a Synchronized World”
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.