User data breaches seem to happen with more and more frequency. An unfortunate fact of digital living is the ongoing erosion of user data security. According to Farai Chideya at FiveThirtyEight, the growth in modern data breaches may be due in part to security tools never suited to the way they are currently used.
Social security numbers, for example, were never intended to function as both identification and authentication. While most users should understand that modern security systems will not allow the same text to be used for both the username and password, databases holding valuable consumer information are often not suited to such a task.
Just need to find the right key somewhere...
If my social security number can be used to find my name, or vice versa, the only remaining piece of data a wannabe identity thief might need to build a digitally-equivalent skeleton key would be my date of birth. And as any Facebook user can attest per the deluge of annual push-notified birthday wishes, that information is no longer hard to find.
Image credit: Plenty.r, Flikr.
In college, for example, I can remember being routinely asked for pieces of my social security number to identify myself in various campus offices. With the almost systematic deployment of social security numbers as both authentication and identification for years, the United States is reaching a boiling point regarding the lax data security practices leading to such widespread data breaches.
Despite insistence from the Social Security Administration that people are only required to give the number to employers and financial institutions, businesses are allowed to impose their own conditions on the service eligibility. As Farai quips, “No shoes, no shirt, no SSN, no service?” Given a generally widespread lack of federal regulatory oversight around the use of Social Security Numbers, it’s easy to understand how it becomes increasingly difficult to secure records that are already otherwise available from a number of places.
Leaks are everywhere, after all.
Consider, for example, just a few examples of the data security incidents reported in just 2015 alone:
- In February 2015, health insurer Anthem announced a recent security breach that left an incredible 80 million patient and employee records exposed to intruders.
- In April and May 2015, the US Office of Personnel Management confirmed two separate breaches that affected 4.2 and 21.5 million individuals, respectively, including some biometrically-identifying samples like fingerprints.
- June 2015, password management company LastPass confirmed suspicious activity in subscriber data, working to protect the login credentials served through its partners.
- In July 2015, a group named “The Impact Team” stole the user data behind extramarital affair site Ashley Madison and posted the more than 25 gigabytes of data publicly.
- In October 2015, nearly 15 additional gigabytes of user details were posted from creative crowdfunding network site Patreon.
User data security is key to creating long-term loyal brand promoters.
A report released by IBM suggests that consumers are 89 percent more willing to share their location data and 65 percent more willing to share personally identifiable information with “trusted” than “average” brands.
As marketers struggle toward a world of seamless customer engagement stretching from home, to the connected car, and the rest of the Internet of Things, brands will need to earn and maintain the trust of their customers. Furthermore, in order for a brand to be considered “trusted” they must adopt data security standards and best practices that encourage the perception that their brand is, indeed, trustworthy at all.
To be prepared, struggling brands should monitor customer feedback, engage with concerned users across social channels, and take proactive steps to ensure their own databases are secured. More than anything, however, is developing a risk management strategy that puts consumer data security as a high priority.