Personal Data Management

Data protection/cyber security concept with lock

Is Your Data Protection Risky or Right-on?

By | Cybersecurity, Data Breach, Data Loss Prevention, Disaster Recovery, Personal Data Management, Security | No Comments

A Three-step Assessment Guide

Data is your company’s most valuable asset. Without it, you don’t have a company at all. Even so, many enterprises do not dedicate the resources needed to ensure their data protection strategy and solutions are covering them effectively. More often than not, I see considerable lag time between when enterprises invest in new technology and when they invest in an appropriate solution to protect it. This gap is a perilous window during which data is ripe for theft, corruption and/or loss. Read More

Bring Your Own Device (BYOD)

The Best Next Thing in BYOD: VMI

By | Data Loss Prevention, How To, Personal Data Management, Security, Virtualization | No Comments

BYOD (Bring Your Own Device) is a buzzword we have heard in IT and security circles for years. It speaks to questions that every business leader and IT executive must ask and answer: how do we secure and protect the growing number of mobile technologies (personal or company issued) employees want to use at work? How do we give a mobile, tech-centric workforce what it needs to succeed without putting our data and company at risk? Read More

Taking an active role in your personal data management and how it affects you.

By | Personal Data Management, Security, Uncategorized | No Comments

In light of the recent hacking scandals with large national retailers and exploit attacks into celebrity iCloud accounts, taking an active role in personal data security is more relevant than ever. Due diligence and integrity of personal data is ultimately our responsibility as end users.

Especially so, as retailers continue to lobby Washington against upgrading the magnetic strip and the infrastructure that supports the fifty-year-old technology. If you have ever traveled abroad, you may have noticed that credit cards have a small chip embedded in the top corner. What that chip provides is a platform for encrypted data transmission and PIN authentication—two-factor authentication: swipe then confirm PIN upon purchase.

Why has this technology not been adopted in America as of yet?

(Lack Of) Adoption

Well, for the reason stated above. Each embedded card has a cost of around $25, and to upgrade every point-of-sale device and the infrastructure to support this technology is going to cost billions of dollars to retailers. So you can understand the resistance. And if people are not demanding action from Congress, the status quo will continue.

“It’s important to realize that there is no silver bullet solution to having your personal data compromised.”

Even with no change in sight for the near term, there are steps you can take to protect yourself. However, it’s important to realize that there is no silver bullet solution to having your personal data compromised. We live in a fallible time and technological environment where the bad guys seem to be always a step ahead.

Taking Matters Into Your Own Hands

The good thing is, if you have ever used VPN and token to log into your work systems, you are already familiar with two-factor authentication, and adopting these methods in your personal life should be relatively painless.

Yes, taking an extra 30 seconds to log into your bank account, Gmail, iCloud, Facebook, or using a PIN to enter your smartphone may seem annoying at first, but it’s one of the many zero-cost things you can do to adopt an active role in securing your personal data. Also, asking retailers and banks for additional verbal passwords when conducting business over the phone is a great way to prevent social engineering.

Practicing proactive data security will never totally eliminate the chance of being hacked or becoming a victim of identity theft, but it dramatically lowers your attack surface. Most of the apps hackers use are tuned to find data using the lowest common denominator tactics. If you are using two-factor authentication, you make it a lot more effort than it’s worth for such hackers to take the extra time to dig in deeper on an individual level when they are scanning millions of queries. These apps are all about quantity and speed—not quality.

“Practicing proactive data security will never totally eliminate the chance of being hacked or becoming a victim of identity theft, but it dramatically lowers your attack surface.”

I would not expect any movement from Congress or regulators on forcing retailers to adopt the embedded chip standard any time soon. When providing a safe retail experience is trumped by facing billions of dollars in capital expenditures for infrastructure upgrades, they are going to slow roll this situation as long as they can.

The embedded chip is a good technology that has been adopted globally except for in the United States (much like the Metric system). With the wide adoption base, the platform has a life cycle and history. There is really no reason it can’t evolve and be improved upon for years to come. But, while there is apathy, stall tactics, and ignorance, there are always those who will look to use this time in history as a crossroads for innovation.

A Software-Defined Future

Technology companies like Apple, PayPal, and Google are developing software-defined systems that will use your smartphone, in combination with biometrics, and PIN to act as a proxy between you and your bank, facilitating an environment where your data is not even shared with retailers. This adds a third element of authentication, effectively enabling three-factor authentication.

Software-based authentication methods have the potential to eclipse the embedded chip and harness the already very powerful hardware in your smartphone. With buy-in from the banks and credit card companies already, software-defined payment is moving forward with iPay from Apple. It’s a win for the American consumer, it’s a win for Apple as it provides them with another revenue stream—and ultimately, this get retailers off the hook from spending billions on uprooting their existing infrastructure.

It will be interesting to see how the adoption into general society of the “iPay” plays out, as Google has offered these features for a few years already with Google Wallet on the Android platform.

Photo credits via Flickr: shuttercat7