January 28th is National Data Privacy day in the US! Fire up the grill and I’ll bring the onion dip.
Silliness aside (I reserve the right to revert back to silliness at any time), data privacy is a critical issue for most of us, but many only give it a passing nod. It probably wouldn’t make it into the top 10 most important issues for most of us. We’d list out things like: Family, schools, safety, taxes, a remodel and so on. But even a minor failure in data privacy could be catastrophic for most of us. Here comes the personal anecdote…
In 2010, I pulled into a gas station, swiped my card, pumped my gas, and left. Moments later, the phone rang. It was the Fraud Prevention department at my bank asking if I’d just used my card at such and such gas station. "Why yes I did! Thanks for checking! Out of curiosity, why do you ask? I mean, I’ve been here before.” They told me that their systems flagged it because it was inconsistent with the current pattern of spending. Hmm. I got back to the office and looked at my banking website. Lo and behold, they were right! It WAS inconsistent…As far as they could tell, I was in Shanghai, China right then. I could see transactions, one after another, going back about three hours. I plotted the transactions in Google Maps, and boom, there was someone walking down the street and spending my money. A restaurant, shoes, electronics, ATM withdrawal, Starbucks, clothing, all right in a line down the street. This character had my data somehow and was having a fabulous afternoon with it.
It took me days of stress and frustration to get it all sorted out. These were real days from my real life, with real stress about whether my mortgage check would bounce before the bank credited back my losses. I never figured out how they got my data, but this experience changed my habits and practices forever.
The system is only as good as its weakest link. The technology can only take us so far.
But, this is just one person’s experience. It won’t change anybody else. But it should; there are millions more just like it. And while financial institutions treat this stuff as super important, most consumers don’t. We freely answer quizzes on Facebook talking about our childhood, pets, tattoos, children, and favorite foods; giving Cambridge Analytica what it needs to sway a Federal Election. We do our banking on unsecured WiFi and are surprised when someone disappears our money for us. Shoot, I have a friend who doesn’t even have a passcode on his phone.
The business world mostly takes security seriously. They have to. There’s a huge financial incentive to take it seriously. If we screw up, our businesses can fail. There’s kind of a built-in check-and-balance system there. Sadly, it’s still estimated that 45%-49% of cloud databases are either unsecured or unencrypted. That’s insane.
In 2019, the demographic data of 80 million households was exposed. The expected salaries of more than a million job seekers. And thousands of Facebook passwords. All exposed by hackers without exceptional prowess — just some database left sitting there because some database manager hit the wrong button and didn’t lock it down.
The system is only as good as its weakest link. The technology can only take us so far. At the end of the day, We the People, Individual and Collective, are the biggest leaky sieve in the Data Privacy and Security game. Zero Cool needn’t bother hacking the Gibson across state lines…he could have simply walked next door and gotten a bank statement from the trash. We write passwords on post-its and put them on our monitor (I saw this over the shoulder of the guy at the DMV). We create apps and platforms that don’t conform to best practices. We don’t keep our computers and phones up to date with the latest security patches.
As businesses we ask our customers to trust us. We need to live up to the trust they give us.
We rely on the businesses we trust to keep our data safe. It’s time we stopped. It’s time we got involved with our own security. If you’re an individual, here are some things you should be doing to protect yourself:
- On any new device, set your privacy settings immediately. This includes new applications, social media, and programs.
- Never use unsecured WiFi – especially for banking or shopping.
- Check your bank and credit card statements regularly. Use the apps, and turn on credit watch. And for heaven's sake, please check your credit report.
- Keep software up to date. Out of date software is vulnerable.
- Never give personal information over the phone, email, or text.
- Stop taking online quizzes that give away the store.
- Use strong password phrases. The longer the password, the harder it is to break.
- Don't use the same password everywhere. If you need to, use a password manager. They'll work across your devices and are inexpensive.
- Change passwords when your accounts may have been compromised or just because it's Tuesday.
- Use virus protection and a firewall. Use a VPN like TunnelBear or similar. They're inexpensive or free.
If you’re a business, realize that security is not only the responsibility of IT — it is everyone’s problem. According to DigitalGuardian, in 2019, Security breaches cost an average of around $3.9 million per breach, with Healthcare being the most vulnerable industry (with Healthcare breaches costing almost twice the national average). Security is everybody’s problem; Business, IT, Marketing, Sales, Customer Service...Everybody. Don’t skimp. Don’t make budget a factor when it comes to security. In data privacy, only one factor matters: Is it secure or not?
At Anthroware, when we develop an app, platform, backend functions, mobile or web, APIs or desktop…When we perform testing, there are two questions:
- Is it secure?
- Does it work?
There are no other standards; If we can’t give a clear YES to both of these questions, then we haven’t done our jobs. As businesses we ask our customers to trust us. We need to live up to the trust they give us.
When you, Business Owner, Product Champion, Entrepreneur, Designer, CEO, Founder, whoever are about to build your platform or your app, if your provider doesn’t bring security out front and center as critically important, I beg you, for the sake of all that is good and lovely, fire them. Run away. Even if it’s Anthroware. Let’s celebrate Data Privacy Day by taking responsibility for our own weak link and let's all work see the impact of data breaches decrease this year, for the first time in history.