Is your Data Safe with Corporates?
More and more corporates are collecting your private and personal data in the name of personalized services. However, whether corporates handle and protect that private data securely is still a big concern. Some instances of data mishandling from the past few weeks are as follows:
1. Recently, China-based Apple contractors were caught selling valid Apple users' data, such as user names, phone numbers and Apple IDs, for amounts ranging from $1.5 to $26.5 per user. The contractors allegedly got access to the data from 3rd-party facilities used by Apple at some point in time (Source).
2. A top Uber executive, who obtained the medical records of the Delhi rape victim against Uber policy, got fired. The incident happened in an Uber car during 2014 (Source).
3. An ex-administrator of the hosting company Verelox deleted all the customer data and wiped out virtual servers (Source). The worst part is that Verelox could not recover all of the data.
4. In various cities of India, data brokers were caught selling personal data (residential address, phone number, email ID, age, income etc.) for less than 1 Rupee per user! (Source).
The above are just some of the known examples. In general, mishandling of data is a big issue. As per a survey (Source), 75% of the companies in the EU are facing the following challenges while implementing accountability for their customer data:
1. Challenge to identify personal information on their systems, understand who has access to it and who is accessing it, and know when this data can and should be deleted.
2. Challenge to ensure least privilege access, implement accountability via data owners and provide reports that policies and processes are in place and successful.
As many corporates, including many reputed ones, struggle to protect your private data, the responsibility lies with us to safeguard it. Some of the main security best practices that we should start implementing from today are as follows:
1. Social Network Security: Restrict access to your public data on Facebook, Twitter, LinkedIn, G+ etc. Do not opt for free goodies / services by providing your personal details.
2. Mobile Security: Install only the trusted apps on your mobile. Grant permissions to only the trusted apps. Do not download apps from untrusted sources.
3. Browser Security: Uninstall unnecessary plugins in your browser. Delete cache, history and cookies regularly.
4. Email Security: Do not click on links or download attachments from untrusted sources. Do not forward messages just because they carry an emotional message.
5. OS Security: Keep your OS and software, including browsers, up to date with security patches. Do not install software from unknown sources.