Security 101: Why is data constantly being stolen and what can I do about it?

Jack Blog

February 3rd, 2014 By Jack Morton


Target, Bell, Neiman Marcus, and Yahoo (to name a few) have all recently had customer data stolen, and it’s a trend that will continue to rise. Data is the new currency of the millennium and your data is worth a lot of money to a lot of people – Google pretty much runs their whole business on that fact. The three main reasons it’s difficult to keep data secure are 1) ease of use, 2) costs, and 3) human error.

1. Ease of Use

The easier things become, the greater the chance of a security risk. Remember when you used to create a login for every website you visited? Now you can bypass all of those long forms and just log in with your Twitter or Facebook account. Yes, it’s easier, but do you know specifically what data you are sending to those websites? Do you know what that website’s security practices are? How do you know they will treat your data as securely as it should be treated?

2. Costs

Security is a never-ending battle, and we all know how expensive those kinds of battles can be. Just because something is secure today does not mean it will be secure in the future. One of the joys (and in this case downside) of being human is that we tend to not give up. The same drive that brings out the best of us can bring out the worst of us. The same drive that the Seattle Seahawks had to win the Super Bowl is the same drive that hackers have when trying to steal incredible amounts of data. Keeping data secure is a never-ending battle. 

3. Human Error

We all make mistakes and that is no different online. A large number of companies hold your data; these companies have a lot of employees, and they also work with vendors who have a large number of employees. Any one of those employees can make a mistake. You hope that they have a system of checks and balances, but hope is always a bad investment in security.

As a company, what should I do?

Security should never be an afterthought. You need to think about the data you are storing and how sensitive that data is. Once you understand the importance of your data, you need to work with your technical team to discuss ease of use, levels of security and encryption. There are pros and cons to any solution, and it’s something that should be talked about, kept up and grown over time. You can’t encrypt all your data, as it’ll be a detriment to your customer, but you need to balance the ease of use and costs with the level of security you require.

As an individual, what can I do?

A lot of companies will do whatever they can to keep your data secure, but it’s always best to do what you can as well. Here are two simple steps to help keep your data secure.

1. Multiple Passwords

We all like the ease of use of a single password but we all know in our gut how dangerous that could be. If someone hacks a website and grabs your email address and password, I guarantee they will try that same combo on a large number of websites.

One easy step is to start using different passwords across every site. This would be hard if you had to remember everything but you can use a password manager to store all of those passwords (I personally use mSecure as it’s cross platform and at a decent price).

2. Create a Password System

This is probably something you already do at work; you just probably aren’t doing a good job of it. You know how every month you need to update your password and you just increment the number at the end of the password? You have a system in place that makes the password easy to change and easy to remember. We’ll just follow a similar approach but make it a little more secure:

  1. Take a single word that has some meaning to you, in this instance, we’ll just take “password”
  2. Now remove a letter (or two), this will help protect you from dictionary brute force attacks (where hackers just cycle through words in the dictionary). In this case I’ll take out a single letter, the “o” which will leave us with “passwrd” which is not a real word and already makes your password a little more secure.
  3. Now, take a single letter, we’ll go with “J” (for Jack Morton), and prefix it to the beginning of the word. You can repeat it once, twice, or any number of times that you like. Now you can have “Jpasswrd”, “Jjpasswrd”, or “Jjjjpasswrd”, etc.
  4. NOTE: I will usually capitalize the first letter, as it’s usually a requirement for a lot of websites.

Next up, we’ll end the password with a number and a special character. In this instance we’ll go with the number of letters in “password”, ‘8’, and a random special character. Our final passwords: “Jjjpasswrd8*”, “Jjpasswrd8*”, or “Jjjjpasswrd8*”. You can easily rotate between a few key words, letters, numbers and special characters and have a never-ending supply of different passwords that all have a resemblance.
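The steps above, carried through in code together with the reuse check that the “Multiple Passwords” step calls for. This is an added example, not part of the original post; the function names, the site names and the sample vault are assumptions constructed for illustration.

```python
from collections import defaultdict


def build_password(word, drop, prefix_letter, repeats, special):
    """Build a password following the post's recipe.

    word          -- base word (step 1), e.g. "password"
    drop          -- letter to remove once from the word (step 2)
    prefix_letter -- letter repeated in front of the word (step 3)
    repeats       -- how many times the prefix letter appears
    special       -- trailing special character
    """
    if repeats < 1:
        raise ValueError("repeats must be at least 1")
    core = word.replace(drop, "", 1)  # remove the first occurrence only
    if core == word:
        raise ValueError(f"{drop!r} does not occur in {word!r}")
    # Step 4: capitalize the first letter, keep the rest lower case.
    prefix = prefix_letter.upper() + prefix_letter.lower() * (repeats - 1)
    # Suffix: number of letters in the ORIGINAL word, then the special char.
    return f"{prefix}{core}{len(word)}{special}"


def find_reuse(vault):
    """Return {password: [sites]} for every password used on 2+ sites."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return {
        password: sorted(sites)
        for password, sites in sites_by_password.items()
        if len(sites) > 1
    }


# Constructed sample vault: two sites were given the same prefix count,
# so they end up sharing one password despite the system.
SAMPLE_VAULT = {
    "shop.example": build_password("password", "o", "j", 3, "*"),
    "mail.example": build_password("password", "o", "j", 2, "*"),
    "forum.example": build_password("password", "o", "j", 3, "*"),
}

if __name__ == "__main__":
    for password, sites in find_reuse(SAMPLE_VAULT).items():
        print(f"{password} is reused on: {', '.join(sites)}")
```

The system only delivers on step 1 if every site gets its own variant; running the reuse check over a password manager export shows where two sites still share one.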

Data will only be as secure as the people that touch it and unfortunately as your online presence becomes larger your data spreads to more and more people. Even for the solutions that try to consolidate your data to a single secure system, they will just become bigger targets. The least you should do is your part in trying to secure your own data as best you can.