Introduction to The Digital Identity Management Course
We all use digital tools and services. Whether we use bank cards, smartphones or computers, we are exposing ourselves to way of storing, presenting or sharing information that can put us at risk.
The risks we face in the digital world are an extension of the risks we face in the physical world. Information in the wrong hands can lead to our identities being used by others for various reasons. Perhaps simply to get access to services we have access to, or perhaps for malicious purposes, reputational damage or financial advantage at our expense.
There are many ways in which we can reduce the risks of participation in a digital world. This course not only presents the risks, but also what we can do to minimise the risks.
What do we mean when we talk about our identity? How many identities do we have? How can we manage our identities and ensure we are in control of how we are represented in the digital world?
Digital Inclusion, in collaboration with the University of the Western Cape (UWC), developed this course and have established an online portal for facilitators to access.
A number of topics will be covered to help you, as a potential trainer, achieve the learning outcomes of this module. It is important to study each of these sections to ensure that you expand your knowledge in the subject. If you are a facilitator, you must be able to present on each of the sections when conduction public sessions.
||Privacy and security in a digital world
||Introduction to digital identity management
||Introduction to identity theft
||Bank card risks and prevention
||Device and application risks and prevention
||Network risks and prevention
||Service provider risks and prevention
||Data risks and prevention
||Information risks and prevention
||Password risks and prevention
Each section has a main page and one or more sub-pages with content to review.
Facebook, WhatsApp, Instagram, google drive and email applications are example of services we may use regularly. We may take it for granted that our information is in safe hands, without giving a thought to the risks of using internet hosted services.
What risks are there in terms of our private and confidential information falling into the wrong hands?
With us using more mobile devices, we are on the move and want to connect to the internet where we can.
Using public networks is an affordable way of getting to our internet services. Are we exposing ourselves to risks when doing this? How can we protect our information when mobile and connected?
Our devices support multiple types of network connections. Bluetooth is an example of personal connections and is often used for transferring information between friends. How does this put us at risk?
Any information that may assist in better profiling you is gathered by persons wishing to exploit you, or people you are connected with.
Learning more about you enables another person to better emulate you, and even replicate your authenticators through analysis, guesswork and deduction. Working out your passwords, answers to security questions, and information relating to your family, friends, associates and interests.
Where you go, where you shop or work may be tracked through monitoring and analysis of location data. What you post about yourself, or share in your online profiles, provides information threads to follow.
With the development and acceptance of information and communication technology and services over the past decades, we are all in some way living and participating in a digital world. As we have been brought up, coached and guided to effectively live in the physical world, so too do we need to conduct ourselves in the modern digital world.
This new world raises questions about privacy and our rights as citizens. What is privacy? What information is considered private? As we actively engage in a society and an economy which is increasingly digital, can we do so with a sense of trust?
Every morning we get up and face the realities of a physical world. We eat, drink, sleep, commute and interact with others. We gain access to and use services we are entitled to use once we have satisfied the service provider that we are who we claim to be – we do this by presenting our physical identity credentials. We need to protect our identities to ensure we can continue to use services and that no one else can claim to be us and act on our behalf. We look after our personal and business reputations as we engage with others by managing our behaviour, and by being conscious of what we do and what we say or share with others.
Every day, we exist in, and have to deal with, the ‘realities’ of the digital world. We use our smartphones, or computers to login, receive and respond to emails, interact with others online using instant messaging, chat rooms, blog posts and participating in online forums. We login to get access to and use online services we are entitled to use once we have satisfied the service provider that we are who we claim to be – we do this by presenting our digital identity credentials. We need to protect our digital identities to ensure we can continue to use digital services and that no one else can claim to be us and act on our behalf, just like in the physical world. Similarly, we look after our personal and business online reputations as we engage digitally with others by managing our behaviour, and by being conscious of what we do and what we say or share with others.
Data is captured, stored, transferred between systems and shared in various forms. Database records, documents, images, audio and video recordings are all examples of data stored on your devices as well an on service provider systems.
The key question is who has access to this data and how is it protected from unauthorised access?
We all use passwords to protect our devices and information. Whether we are simply accessing our device, accessing specific application services, and even when opening certain files, we are expected to use passwords. The problem is that we end up having multiple devices, applications and services, each requiring a password, and it becomes difficult to manage.
If we can think of ourselves having multiple identities, each with their own authenticator/s, we can then consider how important it is to plan and manage our identities we use to access each of our devices and services.
What strategy can we take to ensure we can manage all our identities simply, without sacrificing the purpose of securing them?
With us using more mobile devices, we are on the move and want to connect to the internet where we can. Devices are at risk of being lost or stolen. There is also a risk of our devices being accessed by others and that they may gain access to applications and data.
Using public networks is an affordable way of getting to our internet services. Are we exposing ourselves to application risks when doing this? How can we protect our information when mobile and connected?
Today, we carry ‘cards’ for many purposes. We may have a VISA or MasterCard card linked to our bank, a SASSA card for social grants, or other specific transaction cards. To what extent are we at risk if a card is stolen? Is there enough information on the card for it to be used without further controls?
What are the risks faced in terms of using bank cards and how can we minimise or mitigate those risks? How do we secure our bank cards and ensure they cannot be used by others?
Why are we concerned about securing our identities
Why would anyone want to steal my identity? What would their motives be? As we embrace online services, more of our personal information records are stored online. As a result of pervasive networks and online application services, information can be leveraged for a variety of reasons. In the wrong hands, our information can be used and result in financial losses, reputational damage, and loss of service benefits. Our information is of value to us, but also to others.
If our identities are the keys that authorise and grant access to services, it is important that we protect them.