We are told that we should secure our data against data breaches and make sure we don’t tell people and companies un-necessary information about ourselves. Just 15 years ago we were told to shred our old post and envelops for fear of thieves going through our bins.
Yet on the other hand, today people will tell you that there’s no point as all our data is out there, its been breached and hacked already, sold multiple times, and anyway we post the craziest details all over Facebook, so why secure your data against a data breach now? Why stop sharing everything?
This last point of view comes from the fact that many large corporations don’t seem to care about your data as much as you may have hoped.
The well-known password security company Dashlane has compiled a list of the top 20 data breaches of 2018. If you thought that the British Airways case was bad take a look at the list, it only just made the list at number 20.
The list shows that just under 3 billion data records were stolen. And this was ONLY 2018. The chances that your data is not on this list is quite small – somewhere some part of your data is already compromised. Especially if you add the many smaller hacks of 2018 and those of previous years.
We are heading into 2019 and I am wondering is securing my data worth it today, since its already out there?
I take the view that it is. Hackers don’t know what my new passwords are, things that I have added today, things I have updated etc. My profile changes all the time. I am working to actively make my historical data out of date and not useful. Change passwords, stop adding sensitive data to social media, only give data that companies need to interact with them. For example, why give a correct Date of Birth unless is essential? Your main email – why give that? Your mobile number – why give that? Your correct zip code – why give that? Unsubscribe as soon as it’s not useful, why not?
Each bit of data given should be questioned and if you think its not important to the actual transaction then don’t give the data. That hotel site, why does it need your Date of birth or your main email address? We have responsibilities too.
Companies take more data than they need and then don’t secure it as we have seen. I understand that new platforms are trying to automate ‘trust’ by vetting guests or workers before they use the platform so that providers and users can trust the site. But the platform must then be responsible for the data. Again the hotel is a good example – You can pay cash at a hotel and they don’t know anything much about you…. AirBnB on the other hand needs to know your complete verified identity just to sign up and book. The duty of care here for data is completely different.
Looking forward to December 2019, I wonder what the list will look like, one thing for sure it won’t be an empty list! Ask any security expert today what the biggest risk in December 2019 will be and they wont know – hacking threats change and update all the time. Is it finally time to look at information insurance? To buy that data recovery policy? To ask your broker about your business insurance?