Earlier this year, attention was drawn to Amazon CEO Jeff Bezos as his personal text messages were published publicly. Some have suggested that the story was leaked by someone close to Bezos, while others believe that the exposé was politically motivated or that it was some form of personal payback. While much of the media attention has been on why Bezos was targeted and by whom, what we should be concerned about most, both personally and as data security professionals, is how we can confidently secure our data.
34% of U.S. consumers have had their personal information compromised.
2018 Consumer Cybersecurity Study, FirstData
While much of the hype is about the type of information released, we can’t forget that the attack against Bezos constitutes a data breach. Fortunately for Bezos and Amazon, the breach doesn’t appear to have extended to the retailer’s enterprise. But it just as easily could have. And the fact that Bezos’ personal device was compromised begs questions like: if the world’s richest man can be breached, how vulnerable are your employees, customers and vendors?
When you think about the number of devices being used to access your company resources, as well as the types of data they’re accessing, you may also be questioning the vulnerability of your enterprise.
If this causes more than a little anxiety, you’re in the right place. Read on to uncover:
Why you need to prioritize your data security.
Three places where your personal information is most vulnerable.
Six steps you can start taking today to secure your data.
Why Data Security Must Be a Top Priority
The threat of data breaches and cyber crimes is very real. It seems like a week can’t go by without hearing about another company whose data has been compromised. Headlines like this cause fear and worry among consumers, and often result in significant damages to the impacted organization.
In fact, the average cost of a data breach to an organization totals $3.86 million, according to the Ponemon Institute’s 2018 Cost of a Data Breach Study. Numbers like that are hard to ignore. Even if you consider yourself a small player, a data breach can be incredibly damaging, perhaps even more so. Lacking the proactive and large-scale customer loyalty and trust-building initiatives of their larger counterparts, smaller enterprises may find themselves even more ill-prepared for the loss of revenue and customer churn that often follows a data breach.
60% of SMBs report a negligent employee or contractor as being the root cause for a breach.
2018 State of Cybersecurity in Small and Medium Size Businesses, Ponemon Institute
Suffice it to say that data security should be a strategic imperative for every business, regardless of size. You need to implement security measures that are both thorough—to adequately protect your enterprise—and seamless—to ensure user adoption. So how can you be sure you’re doing everything you can to secure your data? Good data security practices start at the individual level. So let’s begin with understanding when your information is at its most vulnerable.
When Personal Data is at Greatest Risk
There are three primary places where personal information is at risk of being leaked, stolen or misappropriated:
From a cloud storage location
We’re increasingly storing data and content with cloud storage providers like Microsoft Azure, AWS and Google Drive. Cloud storage provides several benefits, including accessibility, sharing and security. But while most data stored in the cloud is encrypted, it doesn’t necessarily mean it’s safe.
Your data isn’t only at risk when it’s being stored and managed, it’s also at risk when it’s in motion. Have you ever sent a personal message or email with sensitive information, like the code to your garage door or your social security number? Anything you send via email, including photos or files, is akin to sending a postcard. Anyone can see the content if they really want to.
On the recipient's end
While the first two places are within your control, the third place isn’t. But that doesn’t mean you can turn a blind eye. If you’re sending personal or sensitive information to a third party, you need to have confidence in their security measures. Even if you do everything right on your end, once your information is in another’s possession, you’re now at the mercy of their security policies.
How You Can Strengthen Data Security
When you understand all of the ways your information is at risk, strong security can feel like a losing battle, but there are some specific things you can do to protect yourself from a breach.
Encrypt data at rest
If you want to ensure absolute privacy, you need to encrypt the content you store with a cloud provider. While cloud providers encrypt content, if they “hold the keys” to that encryption, those keys could be stolen or misused without you knowing about it. As an additional safeguard, you should encrypt content locally before uploading it to the cloud. This ensures that any breach or accidental leakage at the cloud provider does not expose your content. Both Windows and Apple operating systems come with easy-to-use tools to encrypt locally stored data where you hold the key.
Encrypt data in transit
Using encrypted channels like VPN over public WiFi can help mitigate any losses and tampering during transmission. In keeping with the postcard analogy above, think of this as sending something via registered mail. There are a number of great consumer friendly VPN services available, including Witopia, TunnelBear and NordVPN.
Back up locally
For really sensitive information that must be stored, a local backup is the best way to ensure privacy. Most backup disks also come with encryption tools to ensure the privacy of information that is backed up.
Question data policies
Understand the data governance, sharing and usage policies of the application you use to create content and the cloud service where that content is stored. Do they inspect your content in order to target advertisements to you? How much metadata about your content do they share with their advertising partners? How much control do you have over the data they collect or that you share? What are your rights to the data once you have uploaded it to the cloud provider?
Avoid free applications from unknown sources
Be clear that no-cost applications are never truly free. If you’re not paying for the service, chances are the service is somehow using your data to make money. Steer clear of sketchy apps and opt-in to only well-known applications from trusted sources, e.g. Apple App Store, Google Play, etc.
When in doubt, delete
When something can’t be found or doesn’t exist, it can’t be stolen or misused. If there’s something you really don’t want others to know about or see, then deleting it is the ultimate security precaution.
Following the recommendations above will help you strengthen your security posture. But don’t stop there. Be sure to also confirm that the recipient of your shared content is practicing similar data hygiene. And if not, take the opportunity to educate them about security best practices.
At the end of the day, we can only control so much ourselves. We have to be smart about what we share, how we share it and who we share it with. But regardless of how careful we are, once our information is shared with another person or entity, securing it and keeping it private becomes a shared responsibility. And you don’t need to be a data security professional—or Jeff Bezos—to grasp what’s at stake.
Case in point, your customers are concerned about the privacy and protection of their data, too. To learn how they feel about the current state of enterprise data security, read the results of our consumer study.