Ian Tan, head of the School of Mathematical and Computer Sciences at Heriot-Watt University Malaysia, said messaging platforms like WhatsApp are among the biggest sources of data leaks, leading to spam calls, phishing attempts and fraud.
“From my perspective, a lot of information is shared when we join WhatsApp groups. In very large groups, it becomes difficult to control who might be leaking information,” he told FMT.
“For example, if you own a property in a condominium, typically, there is a WhatsApp group for tenants or owners, and in that group your name, unit number and phone number are all visible, making it (WhatsApp) one of the largest unknown areas where personal information is leaked.”
In WhatsApp communities, users can hide their phone numbers from members other than admins, a feature not available in regular WhatsApp groups.
With phone numbers widely used for work and personal matters, Tan said that keeping them private could be nearly impossible.
“Even handing out a business card exposes this information. To address this, alternative methods should be explored to eventually replace phone numbers as a form of identification to enhance privacy,” he said.
Tan also urged users to be mindful of social media settings, cautioning against publicly sharing details like birthdates.
“We should disable birthday reminders, as birthdates make up the first six digits of our IC number, already revealing critical personal information,” he said.
On March 2, digital risk management company Gogolook reported that Malaysia recorded the highest rate of personal data leaks among key Asian markets, including Taiwan, Thailand, Japan, South Korea, Hong Kong and the Philippines.
The report also found that scam calls in Malaysia surged by 82.81% last year, further highlighting the urgent need for stronger data protection measures.
Murugason Thangaratnam, CEO of cybersecurity company NovemCS, said it was important for consumers to build digital literacy and follow best practices to prevent scams.
He said users should avoid clicking on suspicious links, refrain from using public WiFi for transactions, and adopt strong, unique passwords with multi-factor authentication.
Other safety measures include monitoring accounts for suspicious activity, downloading apps only from official sources, and being wary of scams like fake job offers, prize claims and romance fraud.
“Constantly remind yourselves of the mantra, if it looks too good to be true, it usually is,” he said.
From a regulatory standpoint, Murugason said cybersecurity laws have improved, citing the recently enacted Cybersecurity Act 2024 and the passed amendments to the Personal Data Protection Act (PDPA).
“The amended PDPA introduces key changes, including stricter penalties, mandatory data breach notifications, the right to data portability and the appointment of data protection officers, aligning it with international standards,” he said.
However, Tan warned that while these updates are a step forward, they may not be enough to keep up with rapidly evolving cyber threats.
“The thing is, scammers with malicious intent are very creative, sometimes moving faster than the law, which makes it quite difficult.
“Laws can’t always anticipate or cover everything that will happen in the future, which will continue to be a challenge,” he said. - FMT
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.