Written by Andrew Kemshall
I’m assuming the majority of people are sitting smugly reading this thinking ‘of course I haven’t!’
You do everything you’re supposed to do, right? You’ve installed a firewall, you’ve got some anti-virus software, you never follow links in emails or open attachments from someone you don’t know or trust. Well, that’s all very commendable. But unfortunately it isn’t you that’s been hacked. It’s your information stored by the companies you trust that’s been compromised.
Since the start of this year, globally, there have been 365 data loss incidents involving 126,727,474 records. According to Juniper Research, 90% of organizations have suffered data breaches in one form or another over the past 12 months. Testament to this is the number of household brands that have inadvertently divulged the information of hundreds of individuals:
I would conservatively estimate that the average family’s personal information has been breached 10 times since June.
Organizations ask you to trust them to store your information. They even provide a box for you to tick to show that you don’t want your details shared with third parties. And, with the best will in the world, they don’t intend to spill their databases into the black market. However, the stark reality is that all too often someone’s lax security controls allow a malicious person to gain entry to your personal records.
Too Little Too Late
Each time an organization is breached we see them desperately trying to reassure customers that it’s all going to be okay. For example, Travelodge was at great pains to inform its customers that it hadn’t made any money by selling its customers email addresses or that their financial information was affected.
What organizations fail to grasp is that, each time your record is breached, organized cyber criminals are piecing together bits of information about you, your habits, and that of your family’s that together creates a complete picture.
There will be some that argue - what can be done with an email address? Well, a criminal could spoof you into responding to a phishing email purported to be from the bank you use or the store you shop at. If they have some further details about you, for example date of birth, children’s names, etc,. they may be able to ‘guess’ your password and access your account. Some of you may even recall, back in 2008, when Jeremy Clarkson (from the BBC show Top Gear) printed his bank account details in his column in The Sun believing there was little criminals could do with the information other than put money into his account.
Take Back Control
You can’t personally go into every organization and ask them how they protect your information. That said, perhaps if more people were willing to challenge organizations about their security strategy before doing business, companies might do more to protect your information.
However, given this isn’t going to happen any time soon, you need to treat your personal information as you would any of your physical possessions in the real world. Here is a list of things you can do to prevent cyber-criminals capitalizing on your personal information :
We’ve all got used to locking our front doors and keeping valuables out of sight. Until we can trust organizations to give our virtual possessions the same protection we need to take steps to protect ourselves.
Andy Kemshall is CTO at SecurEnvoy, a provider of tokenless two-factor authentication systems.