Is Your Data Safe?

There is an ongoing discussion on what would you rather lose, your wallet or your cellphone?  My unscientific research tells me that the 50+ age group would say their cellphone as most of us still carry credit cards, pictures of family, and other important information in our wallet that would take us hours to report and replace if our wallet went missing.

The younger generations would almost unanimously shut down without their phones until they could get to a store and download everything from the cloud.  

Every month we hear about another data breach at T-Mobile, affecting their customers and those of their MVNOs.  And Boost /DISH was not immune to a hack last month that crippled their systems for days and is not totally resolved.

With so much of our information now stored on our handsets, it is a critical part of every carrier’s responsibility and commitment to protecting their customer’s private information.  But is what they’re doing enough?

Is My Carrier Protecting Me to the Best of Their Capabilities?

From multiple sources, here is what the carriers are doing to protect your data:

1.  Encryption: Wireless carriers encrypt the data transmitted over their networks using protocols like HTTPS, SSL, and TLS.  Encryption converts the data into an unreadable format that authorized parties can only decipher with the appropriate decryption keys.
2. Authentication: Wireless carriers use authentication mechanisms to ensure that only authorized users can access their networks. This can include methods like passwords, PINs, biometric authentication, or two-factor authentication.
3. Firewalls: Wireless carriers employ firewalls to prevent unauthorized access to their networks. Firewalls are software or hardware-based security systems that monitor and control incoming and outgoing network traffic.
4. Network Monitoring: Wireless carriers constantly monitor their networks for any unusual activity or security breaches. This allows them to detect and respond to potential security threats quickly.
5. Data Management: Wireless carriers have strict data management policies that ensure that customer data is protected from unauthorized access or misuse. This includes measures like data classification, data retention policies, and data access controls.
6. Regular Auditing: Wireless carriers regularly audit their security systems and processes to identify and address any vulnerabilities or weaknesses.

But…. Is This Enough?

The European Union (EU) passed the General Data Protection Regulation (GDPR), which is a law that sets guidelines for the collection and processing of personal information from individuals. The law was approved in 2016 but didn't go into effect until May 2018. The GDPR provides consumers with more control over how their personal data is handled and disseminated by companies. Companies must inform consumers about what they do with their data and every time it is breached. GDPR rules apply to any website regardless of where they are based. (General Data Protection Regulation (GDPR) Definition and Meaning (investopedia.com).)

The United States does not have a single federal law that is equivalent to the European Union's General Data Protection Regulation (GDPR). However, there are several federal and state laws that regulate the collection, use, and disclosure of personal data in the United States.

In addition to these federal laws, many states have their own data protection laws. For example, California has the California Consumer Privacy Act (CCPA), which is similar in some respects to the GDPR and sets out certain rights for California residents regarding the collection and use of their personal data.

This is all and good once your company or service provider has been hacked, but how do you prevent yourself from getting put in this position?

One solution is to charge customers more to protect their information if the carrier’s safeguards don’t do the trick.  My friend, Haseeb Awan, CEO of Efani, tells me that,

“Efani was born out of personal necessity when major carriers failed 4 times in a row against SIM. Efani only works with high-profile high net worth individuals and executives with high-risk profiles. While all big carriers are focused on serving the mass market, we realize that there is a small percentage of buyers who're happy to pay a premium for their data not being sold.”

Similarly, when I spoke with Brandon Simas, CEO of soon-to-be-launched Continuously, he echoed Haseeb’s point of view. 

“Our customers require the highest level of security.  We are providing our customers with levels of digital security that have been historically reserved for government-level individuals.  Since high network individuals are having highly sophisticated targeted attacks levied against them, we are securing their communications at all levels from the network to the device.”

Cyber Attacks Are on the Rise

There is a very interesting article by Maddie Shepard on what small businesses are seeing with regard to cyber-attacks.  If you have time, read the entire article.  30 Surprising Small Business Cyber Security Statistics - Fundera Ledger

Here are three Cyber Security statistics that jumped out:

1. 43% of cyber attacks target small businesses.
2. 60% of small businesses that are victims of a cyber attack go out of business within six months.
3. Human error and system failure account for 52% of data security breaches. 

When you look at these types of hacks, ask yourself, “is my organization doing everything in its power to assist our carrier in protecting our customer’s data?”  Here are some great tips from our friends at Maryville University who put out an outstanding paper on ways that individuals and companies can help prevent cyber attacks:

• Use Robust Cybersecurity Software
  • Invest in software that has been designed to block ransomware
  • Keep your firewall updated and optimized to defend against cyber attacks

• Promote a “Security-Focused Culture
  • Hold regular training sessions for employees to help them recognize external threats
  • Teach employees strategies for minimizing their risk of being hacked

• Invest in Cyber Security Insurance
  • Despite the high cost of a data breach, only 15% of US businesses have cyber insurance

• Back Up and Encrypt Data
  • Be sure to encrypt employee information, customer information, and all other business data

• Secure Hardware
  • Consider physically attaching desktop computers to the desk to prevent intruders from stealing company equipment
  • Install “find my device” software on all company equipment

After reviewing the items above, do a self-test; is your company doing ALL of the above?  You can only rely on the carrier to do so much.  YOU are the one responsible for protecting your company’s sensitive employee and customer information.

The situation of cyber threats and hacks will not fix itself anytime soon.  It is imperative that all of us keep our guard up and take all of the necessary steps to continue the fight against this growing threat.

Good Selling!

Jon