Identity is Security: With Great Power Comes Great Responsibility

Our personal data is sacred. It is the digital footprint that holds us up and allows us to live our lives out online, but once it’s out there (and in the wrong hands), our footprint becomes wider—and not in a good way. That’s why this week, a headline in CSO caught my attention. A large direct marketing list now circulating on the grey market revealed highly sensitive data on 200 million U.S. citizens. That is a very large number, and makes you stop and think – how necessary was it to collect every last bit of that data in the first place? The best way to secure customer data is not to collect it in the first place, obviously. While that is clearly not an option where marketing is concerned, ‘less is more’ should become the rule of thumb. That’s what identity has taught us time and time again—visibility into personal data, what personal data is being stored, who is responsible for it, and most importantly who can access it – is crucial. It’s a great reminder on the importance of taking a step back and putting the security lens on things, not just something to consider for those of us in marketing, but something anyone in business today should always be thinking about. The importance of securing access to sensitive data, customer data or otherwise, cannot be underestimated.

But, this is something Facebook, and its offshoots, continue to get wrong time and time again. Another terrible headline for Facebook this week, as it’s battling another data leak that affected millions of users. A security researcher discovered a public Amazon Web Services database containing the contact information of more than 49 million Instagram accounts. The leak exposes email addresses and phone numbers of its ‘influencer accounts’—information that the social media site allegedly keeps private. These accounts typically have giant followings and are highly visible so it’s pretty clear why that type of data would be valuable to a would-be hacker. It’s headlines like these that make you stop and think, as a consumer, are the sites that I share my personal information with doing their best to keep that personal data safe? Knowing that the answer is probably ‘no,’ I would suggest to each of you that you continue to avoid oversharing on social media but also make sure you aren’t re-sharing your passwords across your various personal and work accounts. Once one account is breached, hackers have wizened up and know that once they have one set of credentials, it’s likely that they’ll be able to login to other accounts associated with those credentials. Don’t let them win – keep changing up those passwords and make them unique to every account you own.

Finally, we close this week’s roundup by celebrating the first year of the EU’s GDPR. Our own Mike Kiser wrote a blog about the anniversary: One Year Down: GDPR by the Numbers. From what I gather so far, GDPR came out with a bang (over $60 million in fines and counting), and we’re only just beginning to see the implications here. From the over 60,000 breaches reported since GDPR was enacted, it is imperative that we continue to be vigilant —  our identities are vulnerable, and we need to protect them at all costs. With great power (data) comes great responsibility (protecting it)—let’s see to it that we do that with identity.

Until next week, cyber squad!

Discussion