In the modern age there are hundreds of companies that have access to its users personal information. Many companies require some sort of sign up process for first time users. This often involves the user giving the company their name, address, birthday, and in some cases even more sensitive information such as a credit card number. Most people do not expect this data to be leaked around the internet, but it happens quite often. When a data breach occurs, the sensitive information that is gathered is likely put up for sale on different dark web sites for anyone to purchase. This type of information breach can happen to any company, even if they might not seem like they would have much sensitive information on their customers. For example, Panera suffered a massive data breach last year where the data of 37 million customers were exposed. Here is a website that talks about some of the other biggest data breaches of last year, and dives more into the specifics of each breach. The cyber criminals that are responsible for these data breaches continue to find new hacking methods to uncover this data. So since any company seems to be susceptible to these data breaches, what can be done to improve data security and keep everyone’s data safe?
Big companies use a variety of techniques to keep their customer’s sensitive data safe. At a purely physical level they have many policies to restrict the possibility of a data breach. For example, many companies use encrypted hard drives to store information, encrypted USBs to protect moving data, and also encrypted phones to protect data shared through telephone. Many companies have policies that require theses devices to be used, and also extra policies about employees own devices. Employees are often required to use a laptop or other device that has no USB slots, and is not able to download or export data over cloud. This is to prevent data from reaching outside sources by employees. A statistic that I got from this website (also a very interesting article) says that ignorance and negligence from employees cause 54% of all data breaches.
Many people also falsely believe that the big companies just have all the data encrypted, so it would not be accessible anywayss, but that is often not the case. Most large amounts of data from companies get stored in a relational database, as it is the easiest method of storing big data. However, it is difficult to encrypt data that is stored in a relational database, so whoever has access to it can often just read the data inside. Encrypting a database is also very expensive when you are purchasing that database from another company. All companies should be required to encrypt their customers sensitive data. It is a major violation of data integrity.
People tend not to think very often about how much information about their personal lives are truly out there for companies to sell around. We have no real idea how well protected the data, that we casually enter in when registering for a website, truly is. Most likely it is going into a database with no real protection at all! Data security still has a long way to go, and certainly more companies need to start implementing better encryption of their customers data. We all need to be more careful with our sensitive information, and pause to think where exactly the credit card number we are entering in is really going.
Nick Bagley
Information Science 