For consumers, particularly young people, they need an understanding of why their data is so valuable, what it means for companies and, most importantly, how to protect it. Understanding that free services aren’t free, as they’re paying the price by having their data taken, is one such example. The tech industry certainly knows the value of data, having monetized its users to make hundreds of billions of dollars.
For businesses, they need to go beyond ensuring that all employees are aware of internal security policies, teaching the basics regarding strong passwords and avoiding phishing scams. Organizations need to focus more on delivering security education that is specific to each employee role. A survey by PwC reported that more than 51% of data breaches were caused by insiders, thus, organizations need to do more for their access policies, and monitor online activities to detect and stop threats.
End-to-end encrypted services are the only viable way forward
‘End-to-end’ implies that devices transmit encrypted information to each other without the server’s participation. Thus, all communication and data – including messages, calls, images, and video – are fully encrypted. From this, end-to-end encryption is the most reliable and advanced way of protecting user data and should be at the forefront of business infrastructures, and consumers’ minds when deciding which applications or services they want to use.
As we’re witnessing Facebook integrating with Instagram and WhatsApp, ensuring that we’re all using end-to-end encrypted services is more important than ever. While the idea of all these services being in one place might seem appealing and helpful in preventing us switching from one app to another, it means users will be more susceptible to hacking and thus, personal data being taken. Users should perceive their personal data as their passport on the web – our private data contains aspects of identity, and thus, if taken, is opening a gateway for potential threats.
Ensuring that end-to-end encrypted services are the first-choice is as important for users as it is for enterprises. Without messages, calls, images, and videos being fully encrypted, everything sent and received will be vulnerable to threats. With protecting user data at the forefront of business infrastructures, and consumers’ minds, both will be able to work together in order to prevent future attacks. Without fully encrypted services, the vulnerabilities posed by the third-party application providers employed by major platforms will be increased as user data will be exposed to malicious players. This is a risk we all face, unfortunately.
Even with an increased focus towards enhancing privacy, there is still a risk of businesses losing data to hackers. Therefore, a company that can create a tight security development lifecycle that can constantly evolve, will protect its business and its users. Adopting an ‘always on’ mindset where businesses are updating and tightening their security system will be beneficial in the long-term for businesses and their customers alike.
The sooner organizations work towards compliance with the latest regulations, the sooner they can be confident of their own security. To help businesses understand the steps they should take in order to ensure data compliance, it is crucial that consumers understand the value of personal and private data too. Communication platforms should empower them to understand their own data and act on keeping it safe.
- Content by Derek Roga, March 15, 2019, posted at https://www.techradar.com/news/why-cybersecurity-alone-is-not-enough-to-protect-private-data
- Image credit: Shutterstock