• Think before you click on emails, websites, etc.
• Keep a password on all your devices, including home computers, phones, etc., and be
sure to change the default ones (if your router's default password is still “Admin”, you might
want to change that).
• Add second-factor authentication to your accounts (like email). The second factor is
normally a generated password or an SMS message on your phone that is required to log
into the account. It makes it much harder to hack the account.
• Check and consider restricting the privacy settings on your social media accounts (like
Facebook). Having a public Facebook account can generate issues.

So what can be done to really make progress on this issue? Here’s a proposal: a delete button
to truly offer sustained online privacy.

Two key changes could make a huge difference. First, instead of each company having a copy
of their users’ personal information, it could reside externally, in just one place, protected by a
host of the industry’s best security measures. Second, each user should have the power and
control to grant permission, as they see fit, for companies to access their personal data. This
can be configured so that companies still keep detailed interaction data and other information
necessary for business insights. This way, even if a company that uses data is hacked, little is
gained because the critical, personal information would reside elsewhere. Since each user has
to grant permission to access their private information, the hack has limited scalability. This also
opens the door for a delete button in the name of privacy. An individual could finally be in control
of how their data is used, with a simple delete button that erases their stored information and
restricts outside access to it.

This is a big change, and from the companies’ side it has a distinct list of pros and cons. The
benefit is that security is a lot more cost-effective for a business when it has less valuable
information to protect. The challenge is that they would have access to much less private
information, which hinders the accuracy of targeted ads (and other data uses).

In the past, it was clear that economically it was better to have as much user information as
could be collected, and to consider privacy and data storage expenses as just a burdensome
cost. But, given the extreme costs that are now necessary to maintain this information, the risks
taken by a company when storing valuable data that appeals to hackers, and the growing
sentiment of individuals that privacy is of personal importance, I think the time has come to
move towards limited data residing in the company, with external, user-controlled access to
the more sensitive information.

So what this means from the user's point of view is a dramatic improvement in privacy. It means
that companies, by default, would know nothing about us; they would have only aggregate
information, but nothing personal. And, any time we elect to use a company’s services, say to
order a product, we would give them permission to access our data for only that exact
transaction. After that, they no longer would have our information. Poof. Companies would use
and store only the key necessary to retrieve our data from the external source, but without the
users’ permission, that key remains useless. This is a big improvement for us as individuals and a
significant trust builder between companies and their customers. Any company willing to follow
this process, give up carte-blanche access to user data, and be certified, is much easier to trust
and work with.
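
The per-transaction access described above can be modelled in a few lines of Python. This is an added example, not part of the original article: the `PersonalDataVault` class, its method names, the `shop` company and the sample customer record are all hypothetical, and the data is constructed.

```python
import secrets
import time

class PersonalDataVault:
    """Hypothetical external store; a company keeps only the opaque handle."""

    def __init__(self):
        self._records = {}  # handle -> personal data
        self._grants = {}   # one-time token -> (handle, company, expiry)

    def enroll(self, personal_data):
        handle = secrets.token_urlsafe(16)
        self._records[handle] = dict(personal_data)
        return handle

    def grant(self, handle, company, ttl_seconds=300):  # called by the user
        if handle not in self._records:
            raise KeyError("no such record")
        token = secrets.token_urlsafe(16)
        self._grants[token] = (handle, company, time.monotonic() + ttl_seconds)
        return token

    def fetch(self, handle, company, token):  # called by the company
        # The grant is consumed on first use, whether or not the request succeeds.
        g_handle, g_company, expiry = self._grants.pop(token, (None, None, 0.0))
        if (g_handle, g_company) != (handle, company) or time.monotonic() > expiry:
            raise PermissionError("no valid grant for this request")
        return dict(self._records[handle])

    def delete(self, handle):  # the "delete button"
        # Erase the record and every outstanding grant that points at it.
        self._records.pop(handle, None)
        self._grants = {t: g for t, g in self._grants.items() if g[0] != handle}

def denied(vault, handle, company, token):
    try:
        vault.fetch(handle, company, token)
    except PermissionError:
        return True
    return False

def demo():
    vault = PersonalDataVault()
    handle = vault.enroll({"name": "A. Customer", "address": "1 Example St"})  # constructed
    shop_db = {"order-1001": {"vault_handle": handle, "total": 42.50}}  # all the shop keeps
    token = vault.grant(handle, "shop")
    address = vault.fetch(handle, "shop", token)["address"]  # one transaction
    stolen = shop_db["order-1001"]["vault_handle"]  # what a breach of the shop yields
    replayed = denied(vault, stolen, "shop", token)  # used grant cannot be replayed
    pending = vault.grant(handle, "shop")
    vault.delete(handle)
    return address, replayed, denied(vault, handle, "shop", pending)
```

`demo()` returns the address released for the single transaction, followed by two flags showing that a replayed grant and a grant outstanding at deletion are both refused.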

So who will create this? When can we use it?

26 Cyber Warnings E-Magazine – July 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
