Data security promises to be one of the main issues facing organizations in 2014. During the past year two main threats to data security have emerged. First, inadequate and weak security mechanisms have been used by most organizations. Second, it has been revealed that government security agencies have gained access to a vast amount of private user data stored on private corporate systems, usually without the knowledge of these corporations.
These revelations have shaken faith in the safety of the Internet and the way we do online business, and they have compromised the products and services we all use and trust.
Faced with the prospect of a consumer backlash, some of the world’s biggest technology companies took the unprecedented step of joining forces to demand sweeping changes to U.S. surveillance laws to preserve public trust in the Internet.
In an open letter to President Barack Obama, Yahoo, Apple, Google, Microsoft, Twitter, LinkedIn, AOL and Facebook urged radical change, claiming the balance of power had tipped too far in favor of the state and away from the rights of the individual. Brad Smith, Microsoft's general counsel, said, “People won’t use technology they don’t trust. Governments have put this trust at risk, and governments need to help restore it.”
But companies have also been seen as complacent in allowing themselves to be used as agents of surveillance. If nothing is done to remedy this perceived breach of trust immediately, some brands may be damaged beyond repair. In an age where more and more details of our private lives are stored online, trust and data security are essential to any organization’s continued survival. This principle applies not only to technology companies, but increasingly to companies operating in all sectors.
Shares in technology companies are already vulnerable and may continue to be affected as more revelations about data security emerge. Sales of networking switches and routers manufactured by U.S. technology companies recently dropped by about 30% in developing economies like India, Russia and Brazil, mainly because people do not trust some companies as much as they once did.
According to Reuters, more data has been generated in the past 30 years than in the preceding 5,000. Every day, more and more data is generated, and at a faster and faster pace. As home appliances become more connected, and more intelligent, ever more data is stored and made available online.
Market watcher Gartner predicts that by 2019, some 90% of organizations will have personal data stored on IT systems they neither own nor control—these systems can be a lucrative target for cyber criminals.
Several large-scale data security breaches have revealed that all organizations face increasing threats from criminal networks and from government agencies. U.S. retail chain Target recently fell victim to a security breach where millions of credit card details were stolen. In South Korea, the details of millions of credit cards from KB Kookmin Card, Lotte Card and NH Nonghyup Card were stolen. This week, German authorities uncovered a large-scale criminal Internet attack that compromised the personal details of over 16 million Internet users.
Furthermore, in a global marketplace of data proliferation on such a giant scale, it has never been easier or more tempting for governments to spy on citizens, monitor their behavior, track their movements, listen in on their conversations and ascertain their views.
Countless tasks performed in the same way for hundreds or even thousands of years, such as banking, shopping, socializing and sharing information, are now electronic and sometimes automated. The next wave of products controlled online will include domestic appliances such as washing machines, dishwashers and ovens. The threat of hackers controlling these appliances will create a whole new class of online crime.
Apart from accessing bank and credit-card details, collecting passwords, and taking out fake loans, hackers will have access to much more information. For example, a hacker attempting to access digital records could log users’ movements, when they are at home and what they do at home, how much money they spend and what they buy, who they are talking to and what they are saying to them, their views, their medical conditions, and the jobs they are applying for.
User passwords are the keys to these online data vaults and are one of the main areas of weakness in data security systems. Some companies have stored user passwords using insecure methods, and millions of passwords held by large technology companies such as Adobe and LinkedIn have been stolen.
If organizations fail to take action to address data security concerns, consumers may be inclined to reduce the amount of information they are willing to share, or even abandon online platforms and services they have become accustomed to.
More worryingly, however, most hackers do not even require technological methods to hack into an individual’s personal accounts. Most users have very weak passwords, and as a result, hackers can deduce their passwords using social engineering. An individual’s personal details, such as a favorite football team, the year that team last won a championship, a favorite band, or a mother’s maiden name, can be used to guess passwords. For most individuals, this can be done in only a few minutes.
Thus, the weakest point is often a person’s social-media account. Because many users employ the same passwords for Internet banking and other sites or store information that can be used to access their Internet banking, a lot of valuable information is highly vulnerable.
In the future, individuals will demand far more control over their own data, and this demand will require them to be rewarded for sharing their data in much the same way that loyalty cards, although essentially data-gathering tools, reward users for providing this data. The same process is happening with online data, and the reward aspect will very soon become the norm.
Cookies are already being replaced as consumers are herded onto data-gathering “ecosystems” like Facebook and Google. Storing cookies on a user’s computer makes deep analytics of this data almost impossible. Instead, these ecosystems store the behavioral and browsing data on their servers, allowing for execution of highly complex algorithms to enable valuable deep analytics.
These insights can then be sold and used to drive highly targeted advertising. Although cookies provide individuals a lot of control over their own data, and although most users are unaware of this fact, large data-gathering organizations like Facebook are instead moving toward a highly centralized data storage approach.
In the short term, this dynamic is likely to cause a further backlash from consumers. The shift might therefore be temporary as we move to a world where consumers demand to own their own data and get rewarded for sharing it.
One approach might be to give each Facebook user a reward point for every post, for the number of friends who liked a post, or for some other metric. The current “free” Facebook model is anything but—users are essentially paying with their data and not getting anything in return. But in this savvy consumer age, that model cannot last forever.
Here are some basic rules to follow to protect your data security:
- Re-evaluate which companies you deal with. Don’t assume large organizations like Google, Apple or Sony are immune to data theft or that they won’t sell your data. Hidden far down in contracts with these companies that everyone signs and few people read is your agreement that all of your personal information can be shared with third parties.
- If you’re not satisfied that your personal information is entirely safe, you should switch to a new provider.
- Only use cloud-based platforms or email services on a highly secure network.
- Don’t carry out searches if you’re connected to Google Plus unless you accept that the company will store and share all of that search information, even with your employer or another government.
- Don’t use Wi-Fi printers for sensitive material or, if you must, ensure the Wi-Fi channel is secure and encrypted.
- When logging into cloud-based or remote sites such as Facebook, Yahoo or Outlook.com, don’t assume that you’re on the right site. Your password may be stolen by fake sites pretending to be the original.
- Don’t use a memorable date for your favorite football team as your password. If you use your mother’s maiden name, for example, remove all of the vowels, or every second vowel, and add numbers. If you use your date of birth, use it plus one or minus one. And definitely don’t use the same password for everything!
- Always encrypt your computer. There are some very good software packages that are great at encrypting your full hard disk; without access to that, people can’t get to your data. With today’s technology it would take them more than a million years to break in.
About the Authors
Daniel de Bruin and Brad Thiele are directors at Modelling Design Partners, a business-intelligence company implementing the latest techniques in data analytics and machine learning.