Free Ebook cover Cybersecurity Fundamentals for Absolute Beginners

Cybersecurity Fundamentals for Absolute Beginners

New course

14 pages
All courses > Information Technology > Cyber Security ::

Digital Assets and Everyday Data You Interact With

Capítulo 2

Estimated reading time: 11 minutes

+ Exercise

What “Digital Assets” Means in Daily Life

A digital asset is anything in digital form that has value to you or to someone else. “Value” can mean money, access, identity, privacy, reputation, or simply convenience. In everyday life, you interact with digital assets constantly, often without noticing: your photos, your messages, your accounts, your saved passwords, your browsing history, your location timeline, your online purchases, and the devices that store or access all of that.

It helps to think of digital assets in two layers: the data itself (the information) and the access to that data (accounts, logins, devices, tokens). Many real-world incidents happen not because someone “steals files,” but because they gain access to an account and then can view, change, delete, or impersonate you.

Why beginners should categorize assets

When you can name and categorize your assets, you can protect them more effectively. You do not need to treat every piece of data the same way. A grocery list note is not as sensitive as a scan of your passport. A social media account used for casual browsing is not the same as your primary email account that can reset passwords for everything else.

Common Types of Digital Assets You Use Every Day

1) Identity and “proof of you” data

This category includes information that can be used to identify you or pretend to be you. Some of it is obvious, some is surprisingly powerful when combined.

  • Full name, date of birth, phone number, home address
  • Government IDs (passport, driver’s license, national ID numbers)
  • Biometrics (face scans, fingerprints) stored on devices or in apps
  • Security questions and answers (often guessable from social media)
  • Digital copies of documents (PDFs, photos of forms)

Practical example: a photo of your driver’s license stored in your email or cloud drive is convenient for forms, but it is also a high-value asset. If someone accesses that account, they may gain a strong “proof of identity” artifact.

Continue in our app.

You can listen to the audiobook with the screen off, receive a free certificate for this course, and also have access to 5,000 other free online courses.

Or continue reading below...
Download App

Download the app

2) Accounts and credentials (access assets)

Accounts are often more valuable than individual files because they are gateways. Credentials include passwords, passkeys, one-time codes, recovery codes, and session tokens (the “you are logged in” state stored in a browser or app).

  • Email accounts (often the master key for password resets)
  • Banking and payment accounts
  • Social media accounts
  • Shopping accounts with saved cards and addresses
  • Work or school accounts
  • Password manager vaults
  • App logins using “Sign in with Google/Apple/Microsoft”

Practical example: if your primary email is compromised, an attacker may not need to guess other passwords. They can request password resets and take over multiple services.

3) Financial data and transaction traces

Financial assets include direct access to money and also the data that enables purchases or fraud.

  • Card numbers, expiration dates, billing addresses
  • Bank account details
  • Payment app histories
  • Invoices, receipts, order confirmations
  • Subscription lists (what you pay for, and where)

Even if a card number is not visible, transaction emails can reveal where you shop, your home address, and patterns that help targeted scams feel “real.”

4) Personal communications

Messages often contain sensitive context: relationships, plans, private photos, and verification codes. They can also be used for impersonation.

  • SMS and messaging apps (WhatsApp, Signal, Telegram, iMessage)
  • Email content and attachments
  • Direct messages on social platforms
  • Voicemail recordings

Practical example: a screenshot of a chat may reveal phone numbers, addresses, or a shared secret used for account recovery.

5) Photos, videos, and creative work

Media files can be valuable emotionally, reputationally, and financially.

  • Family photos and videos
  • Private images
  • Content created for social media
  • Design files, writing drafts, music projects

These assets are often stored across devices, cloud backups, and shared albums. The same photo may exist in multiple places, each with different sharing settings.

6) Location and movement data

Many apps collect location data to provide services (maps, weather, ride-sharing). Location data can reveal routines, home/work addresses, and travel plans.

  • Location history/timeline
  • Check-ins and geotagged photos
  • Ride-share and delivery addresses
  • Fitness routes and activity maps

Practical example: posting a photo with location metadata or a visible street sign can unintentionally reveal where you live or where you are right now.

7) Device data and “what’s on your phone”

Your phone and computer are containers for many assets at once.

  • Contacts list
  • Notes and reminders
  • Saved Wi‑Fi networks
  • Browser history and saved autofill
  • Downloaded files folder
  • App data (including cached content)

Contacts are a hidden high-value asset: they enable convincing impersonation (“Hi, it’s me, new number”) and targeted scams against your friends and family.

8) Cloud storage and backups

Cloud drives and backups are designed for convenience and recovery, but they also concentrate your data in one place.

  • Google Drive, iCloud Drive, OneDrive, Dropbox
  • Photo backups
  • Device backups (including app data)
  • Shared folders and collaboration links

Practical example: a shared link set to “anyone with the link can view” may be forwarded beyond the intended recipient, especially if it is not time-limited.

9) Social graph and reputation

Your online presence is an asset: your profile, your posts, your followers, your reviews, and your credibility.

  • Social media profiles and posts
  • Professional profiles
  • Marketplace seller ratings
  • Community forum accounts

Account takeover here can be used to scam others using your trusted identity, not just to harm you directly.

Everyday Data Flows: Where Your Data Goes During Normal Activities

Browsing the web

When you visit a website, you typically share at least your IP address, device/browser details, and often cookies that help the site remember you. If you log in, you also share account identifiers and activity history. Even without logging in, browsing can create a behavioral profile over time.

Using mobile apps

Apps may request permissions such as contacts, photos, microphone, camera, location, and notifications. Some permissions are necessary for the app’s function; others are optional. Apps also generate analytics data (how often you open the app, what you click) and may sync data to cloud services.

Shopping online

Online shopping involves identity data (name, address), financial data (payment method), and behavioral data (what you viewed, what you abandoned in the cart). Order confirmation emails become a long-lived record of purchases and addresses.

Working or studying

Work/school platforms store documents, messages, meeting links, and sometimes recordings. Shared calendars reveal routines and travel. Collaboration tools can expose data through misconfigured sharing settings.

A Practical Way to Inventory Your Digital Assets (Step-by-Step)

This exercise helps you identify what you have, where it is stored, and what matters most. You can do it in 20–40 minutes, then refine later.

Step 1: List your “core accounts” (10 minutes)

Core accounts are those that can reset other accounts or contain the most sensitive data.

  • Primary email account(s)
  • Phone number/SIM-related account (carrier portal)
  • Password manager (if you use one)
  • Main cloud account (Google/Apple/Microsoft)
  • Banking/payment accounts

Write them down in a private note (offline if possible) as a simple list. Do not include passwords in this list; just the account names and what they control.

Step 2: Map where your important files live (10 minutes)

Make three columns: Device, Cloud, Shared. Then list where your files are stored.

  • Device: phone photos app, downloads folder, desktop documents
  • Cloud: iCloud Photos, Google Photos, Drive/Dropbox folders
  • Shared: shared albums, shared drives, family accounts

Practical tip: search your email for terms like “invoice,” “receipt,” “statement,” “verification code,” and “scan” to see what sensitive documents might be sitting in your inbox.

Step 3: Identify “high-impact” data (5 minutes)

Mark assets that would cause major harm if exposed, changed, or deleted.

  • Government ID scans
  • Tax documents, payroll, benefits
  • Medical records
  • Private photos
  • Anything that enables account recovery (recovery codes, backup email access)

If you are unsure, use this rule: if you would feel unsafe, financially harmed, or seriously embarrassed if it became public, treat it as high-impact.

Step 4: Identify “high-likelihood” exposure points (5 minutes)

These are places where data commonly spreads.

  • Old devices you no longer update
  • Shared family tablets/computers
  • Public or shared Wi‑Fi use with auto-join enabled
  • Shared folders with broad link access
  • Apps with many permissions

Step 5: Choose your top 5 assets to protect first (5 minutes)

Pick five items that are both high-impact and realistic to secure quickly. Example top five for many beginners:

  • Primary email account
  • Phone number/SIM account
  • Cloud photos backup
  • Banking/payment app
  • Password manager or saved passwords in browser

Understanding “Metadata”: The Data About Your Data

Metadata is information that describes other information. Beginners often focus on message content (“what I wrote”), but metadata can be just as revealing (“who I talked to, when, and from where”).

  • A photo can include time, date, device model, and sometimes location.
  • An email includes sender/recipient, timestamps, and routing details.
  • A document can include author name, edit history, and comments.

Practical example: you might share a photo of a new apartment without showing the address, but if location tagging is enabled, the file may still contain coordinates when uploaded in certain contexts.

Everyday Scenarios: What Assets Are Involved?

Scenario: “I lost my phone”

Assets at risk depend on what is accessible without unlocking and what accounts are logged in.

  • Device access (screen lock strength matters)
  • Logged-in email and cloud accounts
  • Payment apps and tap-to-pay settings
  • Photos, messages, and contacts

Practical step: check which apps show content on the lock screen via notifications. A one-time login code displayed on the lock screen can be enough to access an account if the attacker also has your email open on the phone.

Scenario: “I shared a document link”

The asset is not only the document, but also the sharing configuration.

  • Link scope (specific people vs anyone with link)
  • Permissions (view vs comment vs edit)
  • Whether the link expires
  • Whether the file can be downloaded

Practical step: before sending, open the share settings and verify: who can access, what they can do, and whether the link is searchable or broadly accessible.

Scenario: “I signed in with Google/Apple”

This is convenient, but it concentrates access into one identity provider account.

  • If the provider account is compromised, many connected apps are affected.
  • Disconnecting access later requires knowing where you used it.

Practical step: review your connected apps list in your Google/Apple/Microsoft account settings and remove apps you no longer use.

Hands-On: Quick Checks You Can Do Today (Step-by-Step)

Check 1: Find where your accounts are logged in

Many major services let you view active sessions (devices currently signed in). This helps you spot unfamiliar access.

  • Open your primary email account settings.
  • Locate “Security” or “Devices” or “Where you’re signed in.”
  • Review the list for devices you do not recognize.
  • Sign out of sessions you do not trust.
  • Change the password if anything looks suspicious.

Keep the focus on your core accounts first, because they provide access to many other assets.

Check 2: Review app permissions on your phone

Permissions control what data an app can access.

  • Open your phone Settings.
  • Go to Privacy (or Apps > Permissions).
  • Review high-sensitivity permissions: Location, Contacts, Photos, Microphone, Camera.
  • For apps that do not need a permission to function, set it to “Never” or “While using.”

Practical example: a flashlight app does not need contacts. A weather app may not need precise location if city-level is enough.

Check 3: Audit your cloud photo sharing

  • Open your photo app’s sharing section (shared albums/links).
  • List albums shared publicly or with many people.
  • Remove people who no longer need access.
  • Disable link sharing if it is not required.

This reduces accidental exposure of private images and metadata.

Check 4: Search your email for sensitive attachments

Email often becomes an unintentional archive of sensitive documents.

  • Search for: “passport”, “ID”, “SSN”, “tax”, “statement”, “invoice”, “verification”, “OTP”, “code”.
  • Identify messages with attachments containing personal documents.
  • Move important documents to a safer storage location you control and can secure.
  • Delete emails you do not need, and empty trash if appropriate.

Be careful not to delete records you legally or practically need (for example, tax documents). The goal is to reduce unnecessary exposure and clutter.

Asset Prioritization: A Simple Risk Lens for Beginners

To decide what to protect first, evaluate each asset with two questions: impact and likelihood.

  • Impact: What happens if it is exposed, changed, or deleted?
  • Likelihood: How easy is it to access accidentally or through common mistakes (weak sharing settings, old devices, many logins)?

Example: your streaming account password might be low impact, but your primary email is high impact. Your location history might be high impact if it reveals routines, even if it does not feel like “important data.”

Mini Glossary for This Chapter

  • Digital asset: Any digital item with value (data or access).
  • Credential: Something used to prove you are allowed in (password, passkey, code, token).
  • Session: The logged-in state on a device/app.
  • Metadata: Data about data (timestamps, location tags, device info).
  • Permission: An app’s allowed access to device features/data (contacts, location, photos).
Quick self-check: Name 3 digital assets you used today. For each, answer: Where is it stored? Who else can access it? What would happen if it leaked?

Now answer the exercise about the content:

Why is a primary email account considered a high-priority digital asset to protect first?

You are right! Congratulations, now go to the next page

You missed! Try again.

A primary email account often acts as a master key for password resets. If it is compromised, an attacker can request resets and gain access to many connected services.

Next chapter

The CIA Triad: Confidentiality, Integrity, and Availability

Arrow Right Icon
Learn Cyber Security

LearnCyber Security

Discover free online courses in Cyber Security, from fundamentals to advanced topics. Gain skills with free certifications in IT Security, Pen Testing, and more today!

 Learn Information Technology

LearnInformation Technology

Our IT free online courses offer top-notch training in the latest technologies and tools, including programming languages, web development, cybersecurity, and more.
Download the app to earn free Certification and listen to the courses in the background, even with the screen off.
QR Code - Baixar Cursa - Cursos Online

Download our app via QR Code or the links below:.

Get it on Google Play Get it on App Store