Cybersecurity incidents are ringing out the old year with the early December announcements of compromised user accounts: 500 million for Marriott/Starwood Preferred Guest (SPG), 100 million for Quora (a “self-organizing” question-and-answer forum), and 52 million for Google+. Next year I intend to distance myself a bit from the sharing economy by managing more closely what I share inadvertently. In keeping with my belief that a “resolution” should reduce the gap between the outcomes expected and outcomes experienced and not declare a full-scale, probably unrealistic behavioral “revolution,” I am making — and recommending to others — the following tweaks:
- Lose cookie weight. Yes, the pounds do pack on between Halloween and New Year’s, disguised (at least in my own mind — avoiding full-length mirrors helps) by layered clothing, comfy sweaters, and snowboarder-loose ski pants. The other cookie weight that gets packed on is digital and comes from casually browsing retailer, mass media, and even government sites. These cookies are small files dropped onto your computer as you browse the Internet; they can give considerable insight into your online activities and preferences, and even lead to individual identification: Cookies used “for analytics, advertising and functional services such as survey and chat tools, are all examples of cookies that can identify users”. (1) Such information can also be used to develop credible, socially engineered
- Personal. Although I had turned off third-party cookies and detected trackers in my browser settings, I learned today just how many cookie crumbs I’ve amassed. Getting a jump on 2019, I cleared 421 cookies from just 16 websites or more than 26 per site — and a whopping 64 cookies from the Rubicon Project alone. The latter self-describes as “the digital advertising infrastructure company [that] is on a mission to automate buying and selling for the global online advertising industry.” This is a third-party firm that I have NEVER visited with a mission that is anathema to me. (2) Gone! After crossing the other side of the digital Rubicon, I’m feeling lighter already.
- Go on a data diet. Being a digital data hoarder is so tempting. Rather than take the time to extract the top three “aha” insights or statistics when I read an article, it is so much easier to just copy and paste the whole article to my hard drive. Computer memory is cheap and abundant — almost free, right?
- Business. Not so free! Especially for those businesses in controlled industries (e.g., military and aerospace, automotive, medical, and financial services supply chains), proliferation of data objects means there is more to track and monitor. You do not have to protect (or back up) what you do not collect, so define the purpose for gathering and saving data. Inventory data repositories, including virtual machines, for unnecessary or obsolete storage. State-level privacy laws like Colorado’s HB 1128 include provisions that require all businesses, regardless of size, to develop and implement data breach notification plans. Laws like Colorado’s also require that IT service providers who process, transmit, receive, or store protected data adhere to its provisions.
- Personal. A productivity cost I struggle with is maintaining good version control on documents I create — and not deleting the early drafts that have been abandoned. Proliferation, and management, of storage devices is another: How many thumb drives do I really need? And what is on them? How many passwords are you keeping track of? (This assumes you’ve not eliminated that need by using the same one for all your accounts.) A password manager can help you diversify your password portfolio while simplifying the tracking hassle and reducing the number of places your password can be found by others.
- Declutter email and social media accounts. Having a scary closet of things I-might-use-someday has become a family joke (or threat, when my minimalist architect daughter comes to town). Just because I can archive thousands of messages doesn’t mean I should.
- Business. Coach employees about the content contained and information revealed in email and social media accounts. The Have I Been Pwned website hosts an online tool to check whether your email accounts on your business domain have been hacked. Verification of business domain ownership is required before performing this check, although individual users can check their email accounts. Implement a strong password policy — at least 12 characters that are not easily guessable. Also at a policy level, use clear guidelines about what is/is not acceptable for social media postings — curated content can be a useful business development tool. Be sure your website is locked down so that changes can only be made by those with specific authorization, and that you’ve installed a sitewide SSL certificate to protect and reassure customers. Store payment, business confidential, and employee personal information offline.
- Personal. Google’s usefulness as an online research tool cuts in multiple directions by tracking—and sharing—information about the information that you as an individual are interested in. Its intended Facebook challenge, Google+, exposed information from up to 500,000 user accounts (information like name, birth date, relationship status) to third-party developers between 2015 and March 2018. This breach led to the announcement that the platform would be shut down in August 2019. (3) Google then announced December 11 the accelerated shutdown of the [dis]service (4) by April 2019 because the private data of some 52 million users had been exposed due to a programming flaw. (5) I just deleted my Google+ profile—which only had three photos/videos shared (not of me, but relating to—irony abounds—a security conference), two photos I’ve used on other accounts, and (intentional) misinformation about my birthday. I recommend going through the exercise! You will receive a request from Google that you explain why you are opting out. Ever disingenuous.
Facebook (6) just keeps tripping over its own data piles, which include the revelation that a requisite Android update “feature” was continuously uploading text messages and call logs to Facebook. Back in April I checked to see what my Facebook history looked like and discovered eight installed apps (including Groupon South Africa, an artifact of a trip in 2013) and a shocking 232 advertisers that had uploaded a contact list with my info. For this article I checked again and found no linked apps and no location history. I’ll just depend on family and friends rather than Santa Claus’ stalker-like advertising claim that “he sees you when you’re sleeping” for assurance that my Christmas stocking will be filled.
Here’s to a 2019 that sees fewer notices of data compromise and unauthorized use than in 2018!
(2) One marketing strategist who analyzed banner/pop-up blocker statistics estimates that the average Internet user is treated to 11,250 ads per month—a colossal misuse of the power of technology! And, for insight about the incidental impact of popups on customer conversion rates.
©2018 Manufacturer’s Edge