First, the system problem: Humans are fallible creatures. Regardless of the time, money and resources spent, we are simply incapable of producing perfect solutions. Everything we create has some form of imperfection. Even if we are unaware of a specific issue with a technology, we must assume that every system is inherently vulnerable, either by design or through misconfiguration. It is simply a matter of time before a vulnerability is discovered and exploited.
The Data Problem
As we have become more connected through advances in technology, the variety and volume of data has exploded exponentially. As storage and processing costs declined, organizations responded by absorbing and storing as much data as possible in hopes of discovering new insights. These developments spawned an insatiable appetite for data. As companies learned more about individual consumers, it opened up opportunities for targeted marketing. This phenomenon—commonly referred to as “surveillance capitalism” or “dataveillance”—is largely associated with “data brokers” who specialize in obtaining, sharing and selling consumer data.
The Breach Problem
Even if an organization’s intended use of consumer data is entirely ethical, the collection and storage of such data increases the risk of a breach. When—not if—this data is breached, it is no longer in the control of the user or organization, and will end up in the hands of anyone interested in exploiting it. Consumers are commonly identified across databases through unique identifiers such as email addresses, phone numbers and payment information. The more a consumer uses the same identifier, the easier it is to connect their activity. Once we come to terms with this discouraging reality, it is easy to understand why data breaches are inevitable in an increasingly networked world.
Privacy and Security Solutions
Most consumers are unaware of modern threats and how to protect against them. Aside from improving security practices, such as adopting a password manager and enabling multifactor authentication, there are simple strategies consumers can employ to reclaim ownership and control over their personal data—especially when it comes to email addresses, phone numbers and payment information.
How often are you asked for an email address? Which email address do you provide? If you share the same email address with everyone, it can be used as a unique identifier across databases. Identifiable email addresses are easy to search in breached databases and can be used for malicious purposes. To avoid these situations, consumers should limit what they provide to others in the first place. If providing an email address is truly necessary, using one associated with a “catch-all” account on a personally owned domain name can reduce its impact. An email address that has been designated as a “catch-all” account will receive any email sent to that domain name, regardless of the username. A simple way to use this technique is to use the merchant as the username (e.g., firstname.lastname@example.org). You’ll still receive any emails sent to it, you can easily tell if it is ever shared with another party, and you can always filter out that address if you no longer want to use it.
Customers are regularly asked to provide their phone number at checkout. To truly understand how rare it is for someone to refuse, politely decline the next time you are asked. The puzzled look on their face will say it all. To avoid these awkward situations, you can enter just about any phone number and still benefit from any discounts or promotions. Or, consider providing an anonymous phone number that you control. An example of one such service is MySudo from Anonyme Labs. Currently available as an iPhone app, MySudo allows you to create up to nine anonymous “Sudo” profiles, complete with a phone number that supports calls and texts, an anonymized email address, and web browser. Using multiple Sudos limits your exposure—especially since each Sudo can be “burned” and replaced. This feature is perfect when you want to interact with someone you don’t know or trust, such as when dating or selling something online.
Do you use the same payment card for all of your purchases? Do you store your card information when you make purchases online? If so, your financial security is at risk. Privacy.com allows you to create virtual debit cards that, once used, are forever tied to that merchant. If the card number is ever breached, it will not work anywhere else. Further, you can set amount limits and terminate a card at any time. Lastly, your payments will be approved no matter what billing information is entered.
By using pseudonyms and anonymous payment methods, you can prevent your real personal information from being breached. Employing all three solutions can significantly improve your privacy, anonymity and security, even in a vulnerable world. PM
Dr. Jacob Young is director of the Center for Cybersecurity and assistant professor of management information systems in the Foster College of Business at Bradley University. Visit bradley.edu/cybersecurity or follow the Center on Facebook or Twitter @BradleyCybersec to learn more.