Data security promises to be one of the main issues facing organisations in 2014.
During the past year, two main threats to data security have emerged. First, inadequate and weak security mechanisms have been used by most organisations. Second, it has been revealed that government security agencies have gained access to a vast amount of private user data stored on private corporate systems, usually without the knowledge of these corporations.
These revelations have shaken faith in the safety of the internet, the way we do online business, and compromised the products and services we all use and trust.
Faced by the prospect of a consumer backlash, some of the world’s biggest technology companies took the unprecedented step of joining forces to demand sweeping changes to US surveillance laws to preserve public trust in the Internet.
In an open letter to president Barack Obama, Yahoo, Apple, Google, Microsoft, Twitter, LinkedIn, AOL and Facebook urged radical change, claiming the balance of power had tipped too far in favour of the state and away from the rights of the individual. Brad Smith, Microsoft's general counsel, said: "People won’t use technology they don’t trust. Governments have put this trust at risk, and governments need to help restore it."
But companies have also been seen as complacent in allowing themselves to be used as agents of surveillance. If nothing is done to remedy this perceived breach of trust immediately, some brands may be damaged beyond repair.
In an age where more and more details of our private lives are stored online, trust and data security are essential to any organisation’s continued survival. This principle does not only apply to technology companies, but increasingly to companies operating in all sectors.
Shares in technology companies are already vulnerable and may continue to be affected as more revelations about data security emerge. Sales of networking switches and routers manufactured by US technology companies recently dropped by about 30 per cent in developing economies such as India, Russia and Brazil, mainly because people do not trust some companies as much as they used to.
Raising the threat level
According to Reuters, more data has been generated in the past 30 years than in the preceding 5,000. Every day, more and more data is generated, and at a faster and faster pace. As home appliances become more connected and more intelligent, ever more data is stored, and made available online.
Market watcher Gartner predicts that by 2019, some 90 per cent of organisations will have personal data stored on IT systems they do not own or control, which can be a lucrative target for cyber criminals.
Several large-scale data security breaches have revealed that all organisations face increasing threats from criminal networks and from government agencies.
Target Corp in the USA was recently the victim of a security breach where millions of credit card details were stolen. In South Korea, the details of millions of credit cards from KB Kookmin Card, Lotte Card and NH Nonghyup Card were stolen. This week, German authorities uncovered a large-scale criminal internet attack, which compromised the personal details of more than 16 million internet users.
Furthermore, in a global marketplace of data proliferation on such a giant scale, opportunities for governments to spy on citizens, to monitor their behaviour, track their movements, listen in on their conversations and ascertain their views, have never been easier or more tempting.
Countless tasks, performed in the same way for hundreds or even thousands of years such as banking, shopping, socialising and sharing information, are now electronic and sometimes automated. The next wave of products controlled online will include domestic appliances such as washing machines, dishwashers and ovens. The threat of hackers controlling these appliances will create a whole new class of online crime.
Apart from accessing bank and credit card details, collecting passwords and taking out fake loans, hackers will have access to much more information.
For example, a hacker attempting to access digital records, could log users’ movements, when they are at home and what they do at home, how much money they spend and what they buy, who they are talking to and what they are saying to them, their views, medical conditions and the jobs they are applying for.
User passwords are the keys to these online data vaults, and are one of the main areas of weakness in data security systems. Some companies have stored user passwords using insecure methods, and millions of passwords of large technology companies such as Adobe and LinkedIn have been stolen.
If organisations do not take action to address data security concerns, consumers may be inclined to reduce the amount of information they are willing to share, or even abandon online platforms and services they have become accustomed to.
However, more worryingly, most hackers do not even require technological methods to hack into an individual’s personal accounts. Most users have very weak passwords, and as a result, hackers can deduce an individual’s password using social engineering. An individual’s personal details, such as their favourite football team, the year they last won a championship, their favourite band, their mother’s maiden name can be used to guess passwords. For most individuals, this can be done in only a few minutes.
Users will want more control
This means that the weakest point is often people’s social media accounts. Because many users use the same passwords as their internet banking passwords, or store information that can be used to access their internet banking, a lot of valuable information is made highly vulnerable.
In the future, individuals will demand to have far more control over their own data and this will require them to be rewarded for sharing their data, in much the same way as loyalty cards are essentially data-gathering tools, but reward their users for gathering the data about themselves and making it available. The same is starting to happen with online data, and the reward aspect will very soon become the norm.
Cookies are already being replaced as consumers are herded onto data-gathering "ecosystems" such as Facebook and Google.
While cookies are stored on a user’s computer, this makes deep analytics of this data almost impossible. Instead, these ecosystems store the behavioural and browsing data on their servers, which allows for highly complex algorithms to be executed on this data to provide for highly valuable deep analytics to be performed.
These insights can then be sold and used to drive highly targeted advertising. While cookies provide individuals a lot of control over their own data – although most users are unaware of this – large-data gathering organisations such as Facebook are instead moving towards a highly centralised data storage approach.
This, in the short term, is likely to cause a further backlash from consumers. The shift might therefore be temporary, as we move to a world where consumers demand to own their own data and get rewarded for sharing it.
One approach might be to give each Facebook user a reward point for every post, or number of friends who liked a post, etc. The "free" Facebook model is anything but – users are essentially paying with their data, and not getting anything in return. But in this savvy consumer age, that cannot last forever.
Here are some basic rules to follow to protect your data security:
- Re-evaluate which companies you deal with. Don’t assume large organisations like Google, Apple or Sony are immune to data theft or that they won’t sell your data on. Hidden far down in contracts with these companies that everyone signs and few people read is your agreement that all of your personal information can be shared with third parties.
- If you’re not satisfied that your personal information is entirely safe, you should switch to a new provider.
- Only use cloud-based platforms or email services on a highly secure network.
- Don’t carry out searches if you’re connected to Google Plus unless you accept that the company will store and share all of that search information, even with your employer or another government.
- Don’t use Wi-Fi printers for sensitive material or, if you must, ensure the Wi-Fi channel is secure and encrypted.
- When logging into cloud-based or remote sites such as Facebook, Yahoo or Hotmail, don’t assume that you’re on the right site. Your password may be stolen by fake sites pretending to be the original.
- Don’t use a memorable date or your favourite football team as your password. If you use your mother’s maiden name, for example, remove all of the vowels, or every second vowel, and add numbers. If you use your date of birth, use it plus one or minus one. And definitely don’t use the same password for everything!
- Always encrypt your computer. There are some very good software packages which are great at encrypting your full hard disk and without access to that people can’t get to your data. With today’s technology it would take them more than a million years to break in.
Daniel de Bruin is managing director at Modelling Design Partners