Digital Guardians: An Interview with Dr. Yago Morgan on Cybersecurity and Privacy

Ricardo Fan – DefesaNET

This exclusive article for the DefesaNet Portal features Dr. Yago Morgan, lawyer and specialist in Business Law. With extensive experience in data governance and privacy protection projects, Dr. Morgan brings valuable insights into how organizations can navigate the complex landscape of the digital age.

Professional Career and Expertise

Dr. Yago Morgan is a widely recognized name in the legal and technology fields. His education includes an MBA in Cybersecurity from FIAP and the ISO 27001 Lead Implementer certification from ABNT. In addition, he is an active member of the International Association of Privacy Professionals (IAPP), where he contributes to the advancement of best practices in privacy and data protection.

As DPO (Data Protection Officer) of companies such as R2 Produções and with experience in public administration, specifically at the Municipal University of São Caetano do Sul, Dr. Morgan brings in this interview a holistic view of the challenges faced by organizations in the era of digital transformation.

DefesaNet: What are the main digital security risks that people generally underestimate?

Dr. Yago Morgan: There are many risks, so there is no way to pinpoint just one. The risk of financial loss is the most noticeable and possibly the one with the greatest impact. This is because, even if we analyze other risks, such as reputational risk, business risk, or others, to some extent we will converge at some point on financial loss.

DN: We often focus on the most well-known attacks, but there are subtle threats that can be just as dangerous. How do cybercriminals exploit social engineering to gain access to personal information?

Dr. Yago Morgan: Through social engineering, criminals use information about the victim’s intimate life in order to appear, at the time of the scam, to be a person they know, and thus establish a bond of trust with the victim, until they get to the point of carrying out the crime.

An example of the use of social engineering to carry out scams is when the criminal contacts the victim posing as a banking institution. During the contact, the criminal uses elements that will create the feeling in the victim’s head that they are talking to that financial institution, for example, using the same standard language and confirming certain data. Usually, during the call itself, the criminal tries to extract new information from the victim that will enrich the narrative of the scam, and deepen the bond so that the victim loses discernment about whether they are talking to that banking institution or to the criminal organization.

DN: Social engineering is a common tactic. How can we protect ourselves against it?

Dr. Yago Morgan: Awareness is the central topic when we talk about social engineering. Educate the population on how to identify signs of possible fraud. Companies and governments must undertake massive efforts to raise awareness of these practices and how to avoid them.

A simple act such as explaining that banks, for example, do not call their call centers to deal with credit card problems such as denied transactions, or even informing them that the bank does not ask for canceled cards to be picked up at your home, can have a positive impact on the fight against fraud.

DN: What are the dangers of sharing personal information on social networks and messaging apps?

Dr. Yago Morgan: Sharing personal information indiscriminately on social networks can feed criminals with information that can be used to commit fraud using social engineering techniques.

To make it clearer, imagine that a criminal who has information about who your family members are (father, mother, siblings) could use this to attempt scams in which this information is used to create a bond of trust between the scammer and the victim.

DN: Social networks are fertile ground for data leaks. How do you balance convenience with privacy?

Dr. Yago Morgan: The most important point in the balance between convenience and privacy is transparency. From the moment the user has transparency about what data and how that data is used by social network managers, it is the user themselves who decides whether that convenience is enough in exchange for their data.

To this end, institutions should write their policies in simpler, more accessible language, using graphic resources, among other techniques, to ensure that the user is actually aware of this content, and that consent to use the data is really informed consent.

DN: Why is the security of IoT (Internet of Things) devices so critical?

Dr. Yago Morgan: Security in general is a critical issue. IoT devices are no more vulnerable than other types of devices, but to some extent they have a greater potential for harm. In other words, in the event of security incidents, the user may suffer damage on a larger scale than with some other technologies.

In general, it is important to pay attention to the data that is collected when using this type of technology, and also to be concerned about the network connections where these devices are installed. This is because using unsecured networks, even domestic ones, to connect to this type of device can make the environment vulnerable to external attacks.

DN: Connected devices are everywhere, but many are vulnerable. How can we protect our smart homes?

Dr. Yago Morgan:

a) Choose devices from reliable manufacturers, already tested and widely recognized by the market;

b) Use strong, unique passwords;

c) Adopt network standards that make the environment secure. Segmenting the home network, creating an exclusive environment for connecting these devices, is a good practice that should be adopted.

d) Review and manage permissions, limit access to information and functionalities to only what is absolutely necessary;

e) Make household members aware of how to maintain safe browsing, how to protect their access credentials (logins and passwords); and,

f) Disconnect unused devices, and keep all devices always on the most up-to-date version of their software.

By following these practices, you can significantly strengthen the security of your smart home and protect your data and privacy from possible threats.

DN: What are the risks of using public Wi-Fi networks and how can we minimize them?

Dr. Yago Morgan: Using public Wi-Fi networks can expose users to various security risks such as:

a) Fake Wi-Fi networks: Attackers can set up Wi-Fi networks with names similar to legitimate networks to trick users and steal their data;

b) Malware distribution: Public networks can be used to inject malware into connected devices, especially if these devices are not adequately protected;

c) Access to Personal Devices: Connecting to a public network can expose your device to other users on the same network, who may try to access personal files and information.

How to minimize the risks:

a) Use a VPN (Virtual Private Network): A VPN encrypts all traffic between your device and the internet, protecting your data from interception. It is one of the most effective ways of protecting yourself on public networks;

b) Avoid Sensitive Transactions: Avoid accessing bank accounts, shopping online or carrying out other sensitive activities while connected to a public network;

c) Forget the Network After Use: After using a public network, “forget” the network on your device to avoid automatic connections in the future;

d) Use Multi-Factor Authentication (MFA): Activate multi-factor authentication on important accounts to add an extra layer of security, even if your credentials are compromised.

DN: Wi-Fi networks in cafés and airports are convenient, but they are also easy targets for attacks. What should you do?

Dr. Yago Morgan: Avoid using public networks. If this is not possible, when you are browsing through public networks avoid using banking applications, or accessing systems that have sensitive information about you or your company.

Practices such as keeping your software up to date, with security settings active, using anti-malware, using authentic software, are good practices that will make your browsing safer in any environment.

DN: How can phishing awareness prevent us from falling into online traps?

Dr. Yago Morgan: It’s the same logic that was explained when we talked about social engineering. The more aware users are about how to identify this type of scam, the less likely they are to become victims.

DN: Phishing remains a significant threat. How do you identify and avoid fake emails and messages?

Dr. Yago Morgan: Phishing is still an everyday threat, but it’s no longer used as much as it once was. This has to do with the efficiency of this type of approach, which no longer brings as many results for criminal organizations, as well as more recent practices involving social engineering, which, because they are more personalized, are practices that leave victims more vulnerable and consequently become more profitable for these criminal organizations.

-x-

Dr. Yago Morgan is a lawyer specializing in Business Law at IBMEC in partnership with Loyola University. A member of the IAPP – International Association of Privacy Professionals, he has extensive experience in data governance projects, having worked as DPO for companies such as R2 Produções and in public administration at the Municipal University of São Caetano do Sul. He is an ABNT ISO 27001 Lead Implementer and holds an MBA in Cybersecurity from FIAP.

LinkedIn profile: https://www.linkedin.com/in/yagomorgan/
