Every week, we see more and more headlines about websites and services being hacked and their data being breached. This week alone, more than 23 million records for over 66,000 users were leaked from a popular gaming site, 70GB of records were leaked from men’s clothing store Bonobos and 2.8 million records were leaked from an online dating site.
With these leaks becoming more frequent, users may feel hopeless in stemming the tide of private information becoming publicly. How are you supposed to protect your data when it’s being stored in places you don’t control and in manners you have no control over? There are a few key pieces of information to consider when deciding what information to disclose.
Keep Personal Data Personal
First, it’s important to understand the relationship between a user and a cloud platform, social network or service provider. As a user, you are relying on the security of these platforms or services as a custodian of your data. You should take an active role in determining whether you trust them to hold and store personal information and if you feel comfortable losing control of that information.
For example, when you create a profile on a site and fill out the new user form, you’re initially providing them, at minimum, something uniquely identifiable to you, like your e-mail address, your name, etc. Depending on the service, you may also be providing information on income, age, race/nationality, religious affiliation, etc. When online shopping, you also providing payment information, home or work address, as well as a level of transaction history. For dating sites, the information may be even more personal.
Once it’s Gone, You Can’t Get it Back
The most important thing for users to know that once this data has leaked, there is no way to ultimately fix or erase it. The disclosure is irreversible, and even worse, you can rarely ensure that the data isn’t published. As such, users must ensure their data is in as few places as possible and relevant to the service that they are consuming. There are also several ways for users to determine what information has been leaked in previous data breaches, which can keep themselves protected if it reaches the wrong hands.
Take Direct Action
We recommend that users take a direct role in the control of their data to the extent of their abilities. This can be achieved by declining to provide personal information during new account creation with a service or deciding to not use a specific provider because the amount of personal information they are requesting is irrelevant to the service. We also recommend that individuals use a data breach search engine (for example, https://haveibeenpwned.com) to determine what private information of theirs is already available in previously breached data sets to mitigate the potential damage.
Once a user is aware of what data is out there, they can make educated efforts to reduce the danger of that data set being published by changing passwords, PIN codes, bank account numbers, etc. This knowledge can be eye-opening and provide a stark but helpful picture about how much data has been provided to third parties and services, as well as how far that data has gone from the place it was initially entered.
The market has spoken, and cloud applications and services are here to stay. As users, it’s our duty to recognize and hold them accountable for protecting your data. This role been taken for granted in the past, and we are all paying the price as more and more of our private data becomes public.
At iVision, we are passionate about helping individuals maintain control of their data, manage their privacy and regain as much control as possible. It may seem like a constant battle, but by simply paying attention to the provided data and who you are providing it to, you can start to be more cautious and work to mitigate the threat data breaches can pose you or your organization.