{"id":175710,"date":"2023-05-31T08:37:44","date_gmt":"2023-05-31T15:37:44","guid":{"rendered":"https:\/\/inbusinessphx.com\/?p=175710"},"modified":"2023-05-31T08:37:44","modified_gmt":"2023-05-31T15:37:44","slug":"privacy-is-security-how-businesses-can-earn-trust-while-handling-individual-data-online","status":"publish","type":"post","link":"https:\/\/staging.inbusinessphx.com\/?p=175710","title":{"rendered":"Privacy Is Security: How Businesses Can Earn Trust while Handling Individual Data Online"},"content":{"rendered":"

\"Data<\/a><\/p>\n

To understand how intertwined online privacy and security have become, consider the humble company-issued laptop. The device might only be given to a new hire after he or she passes a series of mandatory security clearances. Some employees will be asked to provide a fingerprint or facial recognition to use their laptop at all. At a minimum, a unique password is required at sign-in, and that password must be changed out periodically. The parameters of the employees\u2019 online experience are predefined to limit exposure to suspicious websites. Two-factor authentication is required to access sensitive information. Then, when the employee leaves the company, they must hand over the laptop. Any access privileges they gained are revoked, as if they had never joined the company in the first place.<\/p>\n

To insist on strict security protocols like these from a potential business partner is not too much to ask in 2023, when defining your organization\u2019s boundaries for security and privacy is \u2015 or should be \u2015 the name of the game. Limiting your employees and clients to security risks is the first rule of doing business online. Following that rule is easier said than done, but it begins with a basic principle: privacy is security.<\/p>\n

Imagine you\u2019re about to go on vacation, and you need someone to watch your house while you\u2019re away. Your neighbor next door is nosier. They\u2019re always giving you mail that \u201caccidentally\u201d got delivered to them. Your neighbor across the street is quieter and keeps to himself. Which of the two would you ask to keep an eye on your house? The nosy neighbor seems a bit riskier \u2015\u00a0 will she poke around and take something? \u2015 while the neighbor across the street seems more likely to bring in the mail, then leave. He\u2019s never seemed interested in the details of your life. If you\u2019ve ever been in this situation, the idea that \u201cprivacy equals security\u201d should be intuitive.<\/p>\n

Similarly, if you visit a website and it asks for a lot of personal details, at what point should you draw the line? There are no hard and fast rules, but the answer boils down to trust. To convert potential clients and customers, they must first trust in your ability to limit their risk by safeguarding their private data.<\/p>\n

New focus on security<\/strong><\/p>\n

To get a rough estimate of the value of individual data, consider the $1.3 billion payout Meta (the parent company of Facebook) recently agreed to in a class-action lawsuit settlement<\/a> as a result of sharing users\u2019 personal data with third parties. The revelation of Facebook\u2019s data-selling habits sparked a \u201cGreat Privacy Awakening\u201d<\/a> that ultimately moved legislators in Europe and California to pass laws requiring websites to disclose to users whether their data is being shared with third parties, and offer the ability to opt-out of data sharing altogether.<\/p>\n

With greater public awareness of the corporate data-sharing landscape came fear. If your online business habits routinely require inputting names, addresses, credit card numbers, and other personally identifying information, some might draw a drastic conclusion: don\u2019t share anything with websites that have no value to you. If that seems overcautious, here are some practical guidelines to keep your data \u2015 and those of your customers and clients \u2015 safe:<\/p>\n

    \n
  1. Always look for a \u201clock\u201d icon on your browser bar. This indicates the website you\u2019re visiting encrypts its traffic. In effect, the data it\u2019s interchanging between your server and its computer needs to flow through a lot of different column pipes. Observing these strict protocols helps keep your data private and the interaction secure.<\/li>\n
  2. Never use the same password twice. Password managers like OnePassword, MacOS\/iCloud Keychain, and Google Chrome\u2019s own built-in manager allow users to store thousands of unique passwords, effectively eliminating the need to remember more than one. When you do not re-use passwords, if any one password is compromised, it will affect only one protected website\/account.<\/li>\n
  3. Use 2-factor authentication whenever possible. Many websites support a variety of 2-factor authentication tools<\/a>, which effectively require you to confirm on multiple devices that you\u2019re trying to log in to a site. The power of this protocol is well-documented; 2-factor authentication could have saved the former President of the United States a breach of his Twitter account<\/a>.<\/li>\n
  4. If your device offers some kind of biometric ID \u2013 facial or fingerprint recognition \u2013 use it. The data they use to scan you is far more complex than a 4-digit unlock code. Then go into your device settings, and set a more complex (but memorable) device passcode. I think of my phone as my offboard brain \u2013 it might have more sensitive data about me and my contacts than any other device.<\/li>\n
  5. When dealing with financial institutions, review their security protocols when you first open an account. They should require customers to verify any large withdrawals by answering an automatic phone call and speaking to a live customer service agent. Ask them about their fraud prevention procedures. How do they verify credit card transactions, and what is their dispute process? This extra step can safeguard against fraudulent transactions. It\u2019s easier for hackers to steal your username, password, and\/or email address than to gain access to your phone number.<\/li>\n
  6. The services you use are obligated to tell you if your personal information has been compromised. However, it\u2019s easy to lose track of these notifications if you don\u2019t act on them immediately. Like reviewing your budget, or spring cleaning, you should periodically check a service like \u201cHave I Been Pwned<\/a>\u201d and look up your email address to see if your data has been released in a security breach. If you see that a breach has exposed your password, change it \u2013 and see #2 for using a password manager to both remember it, and keep it secure. I made myself a recurring reminder to check this every 6 months.<\/li>\n
  7. If a breached service you\u2019ve used in the past offers you an identity protection package \u2013 take it. They wouldn\u2019t offer it if the information that was released wasn\u2019t highly sensitive.<\/li>\n<\/ol>\n

    A question of trust<\/strong><\/p>\n

    Any online security method you use boils down to a common principle: trust. In the case of a financial institution, your reason for trusting it with large amounts of money (or not) are obvious.<\/p>\n

    The reasons for using a reputable email server might seem less obvious, but consider the example of Microsoft Office. It uses background tools that will allow an IT expert, auditor, or lawyer to see who logged into your email account, where they were at the time of access, how long they were logged in, and what they did while they had access. This information can then be shared with law enforcement to help determine if the hacker committed a crime. On the other hand, law enforcement can also subpoena Microsoft to get access to this data \u2013 something to bear in mind for how you operate your business, and how you share data over email.<\/p>\n

    The same principle applies to password managers or 2-factor authentication platforms. You can trust the established players in these spaces with your personal information because you can be more confident they will keep your data private. They should use multiple layers of security that make it difficult for hackers to access an individual\u2019s private information. When in doubt, reading the privacy policy is a basic first step toward establishing trust in their process. The policy\u2019s verbiage should be unique, not copy-pasted from that of a reputable company \u2015 never screenshotted, making it impossible to highlight the text. News of any data breach and how it was handled will also reveal how well these platforms keep their users\u2019 data secure.<\/p>\n

    Establishing trust on an institutional level is not as straightforward as one person reading a privacy policy. When two businesses begin a relationship that involves sharing customer data, it is common to perform risk assessments and security questionnaires to establish trust. As in the example of the company laptop, it\u2019s important to know how long a business keeps past customer and client data on file after their relationship is severed. The answer will reveal a lot about how they value security and privacy. Written privacy policies are important here, too. As a general rule, longer and more thorough privacy policies are more trustworthy \u2015 but they should be read by someone with legal experience. Some of the basics that apply on an individual level apply to business practices too, like which email client they use and whether 2-factor authentication is required to log in to company social media accounts. The more critical the data you\u2019ll share, the more you\u2019ll want to assess and verify the policies and procedures a company follows \u2013 something like a SOC 2 Type II document can go a long way, because it will document a company\u2019s security and privacy controls using the SOC 2 criteria, and it\u2019s audited by a reputable third party.<\/p>\n

    The future of privacy and security<\/strong><\/p>\n

    As the cat-and-mouse game between hackers and security providers evolves, keeping pace can make a person dizzy. One new wrinkle is AI. When viewing a privacy policy online, search the page for the phrase \u201cas an AI language model.\u201d It\u2019s a common series of words generated by many AI language models, which are increasingly being used to create privacy policies; a policy drafted and reviewed by a human lawyer (i.e., the thorough ones) will not include this phrase.<\/p>\n

    When it comes to online security, establishing trust will only become a more important focal point of any business relationship. That means increased vigilance on the part of individuals, even if that means something as simple as changing out your passwords more frequently. Privacy and security will be forever intertwined, so always be mindful of who has access to customer and client data. That basic principle will go a long way.<\/p>\n

    Paul DeLeeuw<\/em> is a tech Lead at ddm marketing+communications<\/a>, a leading marketing agency for highly complex and highly regulated industries.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

    To understand how intertwined online privacy and security have become, consider the humble company-issued laptop. The device might only be given to a new hire after he or she passes a series of mandatory security clearances. Some employees will be asked to provide a fingerprint or facial recognition to use their laptop at all. At […]<\/p>\n","protected":false},"author":2,"featured_media":14060,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[7],"tags":[12],"class_list":["post-175710","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology-innovation","tag-featured-stories"],"_links":{"self":[{"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/posts\/175710","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=175710"}],"version-history":[{"count":0,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/wp\/v2\/posts\/175710\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=175710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=175710"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.inbusinessphx.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=175710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}