In an era of constant likes and shares, where is the privacy line drawn? Are you someone who worries about being watched as you purchase an item online? Or do you consider loss of privacy the price you pay for having the world at your fingertips?
Forrester recently released a report that reveals the characteristics of users and the factors that go into how much – or how little – each category of user shares. “We frequently hear that Millennials don’t care about privacy — just look at everything they share on social media! But this ignores the fact that Millennials actually manage their online identities quite aggressively.”
“While it may appear that they overshare online, they use privacy settings, ephemeral messaging, and browser plug-ins to control who sees what about them. This is exactly how most of us behave in the physical world: Our willingness to share personal information with specific people changes depending on our relationship with them.”
The research firm has conveniently created four categories for the different sharing types.
At one end of the spectrum are the Nervous Nellies, who Forrester says are at least 50 years old and who keep their personal information close to the vest. On the other end of the spectrum are the Reckless Rebels. As you may have guessed, they throw caution to the wind and lack any filters when it comes to sharing personal information.
Forrester says two-thirds of US adults online are willing to share some of their personal information in exchange for benefits, while only one-third can’t be motivated to share any of it for any reason.
Data-Savvy Digitals: These are the tech-savvy “digital natives.” They are comfortable with the notion of a collaborative internet, where they use their personal data to “pay” for free content and services. But don’t think they aren’t privacy conscious: This group of young people will gladly use technology and sophisticated identity obfuscation tactics if they don’t trust you — or how you’re going to use their personal data. This group is also the most socially conscious: They expect firms to “give back” and consider themselves environmentally aware. These individuals actually take the time to read privacy policies and are willing to cancel a transaction if they don’t like what they see.
Reckless Rebels: Users in this category are disenfranchised and think they have nothing to lose. They share their personal data widely and take few or no precautions to protect their privacy. A significant number of them are college-aged, and they haven’t faced the challenges of job hunting or credit seeking yet. Individuals in this group may change their reckless behavior as their life stage changes.
This segment has the largest share of consumers ages 18 to 24, and they skew female. They take the fewest measures to protect their privacy, and many say they don’t intend to take precautions like using online cookie trackers or data encryption.
Nervous Nellies: They are the parents and grandparents who struggle to strike a balance between being connected and being safe. It’s not that they don’t want to protect their privacy; it’s that they don’t know how. They also think the consumer data ecosystem is far smaller than it really is.
Not only are they the least likely to use privacy protection tools like “Do Not Track,” data encryption, or device autolock, they are also the least likely to be aware of what these tools actually are.
They are very informed and concerned about their privacy, and nothing will motivate them to share their personal information. They are highly skeptical that companies — especially social networks and media firms — will keep their information secure.
Tips for online safety
Now that you know the characteristics of each category, here are some best practices for online safety from security industry professionals, tailored for each group.
Richard Stiennon, chief strategy officer at Blancco Technology Group, said just because you can’t see files on your desktop/laptop computer doesn’t mean they’re gone. When you drag files to the recycle bin on your computer and/or reformat your hard drive, the data isn’t really gone. “Imagine your hard drive is like a library. To find the book you want, you get a reference number from the library’s database – and that leads you to the section of the library where the book can be physically found. But the book still remains in the library and it just becomes a case of using more sophisticated methods to locate it. Secure erasure of your files is the best way to make sure your data is truly destroyed,” he said.
How often do you charge your personal smartphone by plugging a USB cord into your company laptop? How often do you charge your work phone by plugging a USB cord into your personal laptop? “Chances are, you do this multiple times a day. Once connected, a lot of devices begin automatically syncing without notice and transferring files between the two. If you’re plugging devices into one another, beware of which files you may be transferring because sensitive information like photos, emails, contacts and usernames and passwords could be hacked and eventually leaked,” Stiennon said.
Formatting removable media (i.e., SD cards, USB sticks) isn’t the same as erasing data. External SD cards make it easy and efficient to transfer data from one device to another, but they also increase the chances of sensitive information being leaked, Stiennon said. Why? Emails, contacts, photos, videos and other files can be saved on the SD card instead of the device itself. So if the SD card is lost or stolen, it can be easily transferred to another device. And formatting removable flash media, such as USB sticks and SD cards, doesn’t actually erase the data forever.
“So all of those emails, photos, videos and other sensitive files could very well come back to haunt you,” he said. To securely erase an external SD card so that the data can never resurface, remove the SD card and insert it into a computer, which can correctly detect all of its sectors and run software to securely erase everything.
Another tip: Don’t forget to erase data from a loaner device. If you have trouble with your mobile device, you might be given a temporary “loaner phone” to use until your own phone is fixed. In the meantime, you’ll probably use the loaner phone to save new contacts, photos and videos, as well as send emails from your work email account. But when it’s time to get your own phone back and return the loaner device, make sure all of that data has been permanently erased. And remember, if you have an Android device, a factory reset doesn’t properly erase the data and leaves it exposed and potentially accessible to the next person who uses the loaner device, Stiennon said.
And when you close an account with a business or website, ask for proof, Stiennon advised. When the personal information of over 32 million registered users of dating website Ashley Madison was leaked, the consequences were much more profound. What really stood out in this case was the underlying cause – users had paid for the site’s $20 “Full Delete” program with the understanding that their information would be removed completely from the site. But that didn’t actually happen and users had their data resurface. “The lesson here is to always ask for proof that your data has been permanently erased from all locations where it’s being stored,” he said.
More privacy risks
“We face a world where our lives have become largely digital, and security and privacy breaches are commonplace. We recently surveyed our users and found that 85 percent are more concerned about their online privacy and security today than they were a year ago,” said David Gorodyansky, CEO of AnchorFree.
Why is that? Sixty-three percent are more concerned about keeping their personal information private today because of the U.S. elections and the new administration; and 52 percent say it’s because of the recent large-scale email hacks (for example Yahoo), Gorodyansky said.
“It seems that people are finally waking up and taking privacy and security into their own hands,” he added.
Nuance Communications Vice President Chris Strammiello said when taking steps to protect online privacy, companies shouldn’t overlook documents that transition between paper and digital formats during their life cycle. In particular, those transition points, such as document scanning and printing, can introduce risk that threatens data privacy. Documents from employers, banks, vendors and more can include sensitive information such as Social Security numbers, bank account information and birth dates.
“Safeguard privacy by placing filters within scanning applications to restrict document access. These content filters can search for specific words or character strings like ‘confidential’ or ‘non-disclosure’ once they are transformed to a searchable format during the scanning process. After terms are identified, the software can take any number of actions, including automatically encrypting the file prior to sending, or perhaps quarantine or delete the file altogether,” Strammiello said.
He also stated that often companies make the mistake of attempting to cover up private information, like a Social Security number, by using a drawing markup tool, such as a rectangle with solid fill. “The only secure way to do redaction is with a redaction tool, commonly found in PDF software. These tools don’t just cover up text or images; they replace the selected areas pixel by pixel with redaction fill,” he said.
Printing is a data privacy tactic that is notoriously overlooked, Strammiello said. Due to the non-searchable format of printed documents, they can be difficult to track and dangerous to store. “Plus, consider the human error involved; accidentally taking the wrong document from the printer or maliciously distributing copies outside of an organization can be just as damaging as a hacker or malware. Establishing a robust print and capture log can help with these protection efforts,” he said.
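The scanning content filter Strammiello describes above, sketched as an added example (not code from the article or from any vendor's product): it checks OCR text for the quoted terms plus SSN-shaped numbers and picks the most severe action. The action assigned to each rule, the function names and the sample text are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Terms come from the article; the action mapped to each is an assumed policy.
KEYWORD_RULES = {
    "confidential": (re.compile(r"\bconfidential\b"), "encrypt"),
    "non-disclosure": (re.compile(r"\bnon[- ]?disclosure\b"), "encrypt"),
}
# SSN-shaped digit runs (3-2-4), separators optional, not part of a longer number.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")
SEVERITY = {"allow": 0, "encrypt": 1, "quarantine": 2}

@dataclass
class Decision:
    action: str = "allow"
    reasons: list = field(default_factory=list)

    def escalate(self, action: str, reason: str) -> None:
        """Record a hit and keep the most severe action seen so far."""
        self.reasons.append(reason)
        self.action = max(self.action, action, key=SEVERITY.get)

def normalize(ocr_text: str) -> str:
    """Lowercase, rejoin words hyphenated across line breaks, collapse whitespace."""
    joined = re.sub(r"-\s*\n\s*", "", ocr_text.lower())
    return re.sub(r"\s+", " ", joined)

def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Drop ranges that are never issued (area 000/666/9xx, group 00, serial 0000)."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")

def scan_filter(ocr_text: str) -> Decision:
    """Decide what to do with a scanned document from its OCR text."""
    text, decision = normalize(ocr_text), Decision()
    for name, (pattern, action) in KEYWORD_RULES.items():
        if pattern.search(text):
            decision.escalate(action, f"keyword:{name}")
    for match in SSN_RE.finditer(text):
        if plausible_ssn(*match.groups()):
            # Log only the last four digits so the audit trail is not itself a leak.
            decision.escalate("quarantine", f"ssn:***-**-{match.group(3)}")
    return decision

# Constructed OCR output for three scans (not real documents).
SAMPLE_NDA = "MUTUAL NON-\nDISCLOSURE AGREEMENT\nThis document is Confi-\ndential."
SAMPLE_W2 = "Employee SSN: 123-45-6789\nWages 52,000.00"
SAMPLE_MEMO = "Lunch menu. Call 555-123-4567. Ref 000-12-3456."

if __name__ == "__main__":
    for doc in (SAMPLE_NDA, SAMPLE_W2, SAMPLE_MEMO):
        print(scan_filter(doc))
```

Matching on normalized text matters because OCR output often splits a term across a line break, which a plain substring search on the raw text would miss.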
What enterprises need to do
Encouraging employees to use their personal devices for work can increase collaboration and productivity, but BYOD can also weaken security and enterprise data protection. “As the lines between personal and corporate data become blurred, people may resist turning on conventional mobile device management to protect their personal privacy and information from their company,” said Manoj Raisinghani, vice president for Mobility Platforms at Citrix.
With employee-owned smartphones and tablets used in the enterprise projected to exceed 1 billion by 2018, IT departments need to provide employees with mobile security that creates a barrier between personal and corporate information and apps to make sure people trust and embrace mobile security. This ability to separate personal and corporate information is a key advantage of integrated enterprise mobility management solutions, and a critical requirement to persuade employees to embrace mobile security.
Businesses need IT security tools that adapt to the way people work, such as secure browsers that make web apps more reliable and easy to use, while preventing security risks, said Calvin Hsu, a vice president at Citrix. “If more organizations focus on providing intuitive security tools like a secure browser that simplify security, security will be stronger, the risk of a catastrophic breach will be reduced, and the organization will be safer.”
With data and applications living in public, private and hybrid clouds, as well as traditional on-premises infrastructure, the networks transporting this data to users and devices become a key point of entry for adversaries. To create a more secure environment for employees and ensure corporate data is not at risk, enterprises should focus on network solutions that are based on contextual access – that is, granting access based on typical user behavior, device and location of the device, said Steve Shah, vice president of product management, NetScaler at Citrix. “With the onset of IoT, connectivity will expand at a rapid pace, and the best way for organizations to maintain integrity of secure networks, and minimize exposure of those connections, is to take an access-based approach.”
The impact of changing regulations around data protection globally is causing concern for companies as they embrace the cloud, said Michael Elliott, cloud evangelist at NetApp. “Recently, the data privacy landscape has been muddled with news of data risks within cloud enablement and implementation. Keeping your data next to – rather than in – the cloud, represents a solution that mitigates data privacy and sovereignty issues by allowing companies to have complete control over their data, while still safely embracing the scale and flexibility that cloud compute has to offer.”
Lance Weaver, vice president of offer management and platform strategies at Equinix, said increasingly, enterprises are placing, managing and analyzing data in proximity to the users, services and clouds. “This is driving adoption of an interconnection oriented architecture that not only improves data accessibility, security and control but also satisfies data privacy and sovereignty requirements that dictate data containment in a specific node or location. Bypassing the public internet, directly connecting users and clouds locally, can enable a critical layer of protection for their hybrid and multi-cloud deployments to ensure data privacy.”