Friday, October 5, 2012

What do they do with my data?

I recently purchased my first residential property, so I have had firsthand experience of the rather harrowing process of applying for a mortgage through a mortgage originator. The application process required handing over a plethora of personal information, including my personal identity number, bank details and salary slips. I understand that the financial institution needs this information to register and validate me, but if a criminal got hold of it, I could lose everything.
This got me wondering (in a slightly panicky fashion): Can I trust my suppliers to keep my personal information secure?

I assume that because I’m dealing with a reputable company, my information will remain safe. But sadly, thanks to Google, my panic level rose as my search results revealed numerous data breaches leading to millions of personal records landing in malicious hands.


What companies should be doing:

Given the rise in these malicious attacks and the potential impact, companies should consider a holistic approach to protecting data wherever it is – at rest, in motion or in use.

I recently read an article quoting Tim Matthews, Senior Director of Product Marketing at Symantec: “The good news is that there is a straightforward regimen to help stop these kinds of risks.”

Matthews recommended that companies look at the following security measures:

  1. Installing device control: no copying onto a disk of any type is possible, nor any data transfer via Bluetooth or Wi-Fi.
  2. Endpoint data loss prevention methods: these prevent sensitive data from being copied; copying of data or files is blocked based on content.
  3. Encryption: these types of programs render some or all data unreadable by anyone who does not have proper authorisation, should they bypass the access control to these documents. End-to-end encryption is preferable because at every stage, whether data is in use, in motion or at rest, it is encrypted and secure, and it is never ‘in the clear’.

Furthermore, documents that contain sensitive information, such as my electronic statements, should always be encrypted and password protected. In an online environment, companies can have firewalls and monitoring facilities with which they can detect a breach, whereas once a document is emailed out, the biller has no control over who can get access to that customer’s information. The sensitive information in these documents can include credit card information and personal identification details like ID number and date of birth. The only way to prevent unsolicited access is to password protect the document.

I wholeheartedly agree with Matthews' statement: “With such well understood defences available, companies really have no excuse for not putting them in place.”


What should I be doing?

Simply put, I need to be cautious and vigilant. Always find out who is receiving my personal information and ensure that they implement the appropriate defences.


The cost of a data breach


The 2012 Verizon Data Breach Investigations Report says that in 2011 there were 855 data breach incidents involving 174 million compromised records.

The personal cost of a security breach to each compromised individual is potentially massive: a sudden zero bank balance or complete identity theft. But the cost to companies can be catastrophic. From Symantec’s Cost of Data Breach study, United States (2011), the average cost per data breach for an organisation is $5.5 million, or $194 per record.

While customers need to be cautious and vigilant when sharing personal information, organisations collecting customer data must ensure that they implement the necessary defences against data breaches. Don’t take the risk. Increase your security and reduce risk with 'Push' eDocument delivery. Call us for a free consultation.

Simon Johnston
striata.com
