We’re in the Data Breach Age and it’s more important than ever to protect your customers’ data. Sure, protecting people’s data has ALWAYS been the right thing to do but the proliferation of data breaches makes it obvious that the incumbents were caught with their pants down. Whether you’re starting up a new business or trying to tighten your existing practices here are some approaches to make sure the same thing doesn’t happen to you.
1. Don’t store it.
This is a simple but effective strategy. Small and large businesses should be asking themselves this question everyday: “Do I really need this data?”
What you don’t have cannot be breached, leaked or stolen. Having sensitive data about your customers is a liability and it comes with great responsibility. People’s lives and livelihoods are at stake since a breach by your organization could provide hackers that bit of information they needed to get into a crucial account or make a fraudulent insurance claim.
2. Anonymize data you do need.
In some cases data is required for future use. Here consider not just what data you really need on hand to accomplish your goals as a business but what form that data has to be in. Sure, maybe you do need your client’s’ location information BUT do you really need GPS coordinates accurate to 10 feet? Would 100 feet or even 10 miles be close enough? Can you use city and state rather than a full street address?
But wait, there are sometimes cases where you just need to compare a future value to a value provided in the past, right? Security questions are an interesting example of these – you don’t really care to know my mother’s maiden name or my high school’s mascot on file – you just want to know that if I provide that value again in the future it matches the one I provided in the past. One solid approach for this is to use a “one-way hash”.
As long as what you’re storing is very hard to guess (and properly “salted”) – this is a better option that encryption. Why? Because while it can be very, very difficult to break – encryption can be reversed with enough time and effort. If you know you never need the data again – why take this chance?
One way hashes are irreversible. BUT they allow us to test that we have the same result later without forcing us to extract that data… In fact, we can do this comparison without the private data ever hitting the secure system – hashing the data in two completely different locations (e.g. on two remote systems) then send it to a central server for comparison – ensuring we never touch the sensitive data and systems doing the guessing cannot cheat.
3. Encrypt everything else.
Consider what kind of data you need to get to for your running systems. If you can figure out how to run your business and involve your users whenever their data is going to be used – you can uniquely encrypt every record – without holding the keys.
How? In it’s simplest form this is by forcing the client to hold the key required for every transaction. In a web browser this could be done via a session cookie. In the physical world this sort of function could be provided by a mobile device.
Not holding the keys to what you’re storing makes it much more difficult for a would be hacker to access your data – even if they get into the system. Think of this like a safety deposit box. You hold one key, we hold the other… we cannot get into the system without you.
This has certainly made things more challenging at Token of Trust – where we always start with this question when we’re considering a new feature: “Do we have access to the data we would need? How do we get the user involved to consent to accessing their data?” But… isn’t this exactly the right type of conversation to have? Don’t you want the businesses YOU work with to be thinking about how to keep you safe as they implement every new feature or service?
4. Be un-hack-tractive.
Beyond these facts – when you work hard to get rid of data you don’t need, anonymize data you keep and encrypt everything else – you become a much less attractive target to hackers. Hackers know that not only is it going to be hard work to get to your data but it’s likely to be worthless when they actually get there – there are better ways to spend their time and resources.