Have you ever stopped and thought about how much you use the Internet, your phone, or other digital channels in a day, or even just an hour? It is most likely more than you think. The digital world has become entwined in our daily life, and while the online world brings convenience, we have become a bit contradictory in the way we think about the security of our information.
In our physical world, we keep a close eye on our purses, wallets and tangible possessions, so why don’t we do the same in our digital one? Far too often we sign up for different accounts and add our information, but give little thought to how this information is protected by the organizations to who we hand it over.
What we forget about our data, everything from personal to financial, is how easily it can fall into the wrong hands. As our world becomes increasingly mobile, is it time to re-evaluate the value our data holds and start viewing data privacy as a human right, rather than a just nice to have?
Over the last few years, there have been increasing reports about hacking and data breaches where groups or individuals have forced their way into an organization’s computer systems and stolen user information from these systems. Now let’s not get in to the rights or wrongs of the individuals and groups hacking the systems, as some say that they are doing it to show a lack of importance given to the security of information, and others because of monetary gains. Whatever the reasons, hacking and the stealing of private individuals’ and corporate information happens and most organizations still seem to have a laissez-faire attitude to it.
This is unsustainable. The information that is taken is often personal information: email addresses, telephone numbers physical addresses, logon details, etc. This is all information that should never be available on a web server, a web server connected database, or on any computer that has a web connection. This is all information that is highly sensitive and often can’t even have a maximum monetary value put on it; nevertheless, when a breach happens, most organizations simply downplay the impact to those affected or merely offer an apology and say they will “evaluate” their current policies and then simply move on to business as normal. This lack of respect for confidential information highlights how deeply the security industry is broken.
To be fair, there are some regulations in place like HIPAA, PCI DSS, and ISO that offer standards for organizations to understand how to conduct security, and there are also industry best practices that have become accepted as proper procedures; however, these serve more as a guideline and are often up to each individual organization to decide what procedures, products, or security strategy they want to implement.
When you think about the value of the information users are submitting to organizations that is highly sought after by hackers to capitalize on and sell to the black market, it surely is not too much to ask that organizations have a responsibility in protecting this data. After all, users are generally paying organizations for a service or product. Shouldn’t part of that payment be for the safe keeping of their information?
Cybersecurity protection efforts have largely fallen on private sector institutions, but many government officials and security experts believe not enough is being done and more standard regulations are needed. The current federal regulations don’t specify what cybersecurity measures must be implemented and require only a “reasonable” level of security, which leaves room for interpretation.
However, as the number of security breaches and threats continue to rise, it is time we start taking data protection more seriously and viewing it as a human right. It is time we take a closer look at the standards organizations are using and re-evaluate what tools are needed to keep user information protected from hackers ready to access to steal the information and use it how they wish.
No comments:
Post a Comment