Data Security Is Your Problem

No really, it’s yours.

By now, much of the immediate dust from the Target credit card breach that rattled consumers and dominated the news has settled. But what is the takeaway?

Reports have come out that a failure in a vendor security process opened Target’s network up to the hackers. But following this incident, I’ve received notices from two other high-profile companies telling me that my account has been compromised. And it’s probably happening every day, some where. We might just be more aware of it because the Target breach has forced companies to examine their systems and step up when they find holes. But collectively we’re also starting to recognize some of the vulnerabilities that exist within security practices, no matter how stringent they are.

Why was the response to the Target breach so visceral?

The Target incident incited strong reactions. As the breach unfolded, people reacted as if Target had done something to them or as if they’d committed a crime. They were angry. But why, and was it warranted?

We’re entitled. We live in an entitled culture wherein we believe that whatever we expect or whatever we think should be, is a reality. We expect that Target is impenetrable and we think they should be hack-proof, but that’s not a promise they made us. Feeling entitled when it comes to security will only put us more at risk.

We believe software is magic. We — as a society — have this tendency to believe that software and technology can and should solve all our problems magically and without error. But it never will. It’s not realistic because even the best software is never perfect and will have vulnerabilities.

We believe that technology is an island. Software doesn’t begin and end with technology. It begins and ends with people — people make it and people use it. Along the way, people create more vulnerabilities than software.

My take on what happened

Don’t blame Target: what happened to them could have happened to any company in the same way that a burglary could happen to any person in any home. I kept seeing people post things like, “I’m going to take my business elsewhere.” That’s absolutely an option, but, in my mind, wherever else they took their business is equally as vulnerable to possible security compromises.

We should not look to businesses to protect us from breaches and software compromises.

How to think moving forward

It’s time to think of online security more like we think of offline security. We’re at the technological equivalent in time when people had to start putting locks on the front doors of their houses and using them. Data sharing is a way of life now. Credit cards, e-commerce, and online banking all rely on personal data being transmitted to companies via technology. Because data sharing is a way of life, data security is a way of life now, too. We own our data and we choose how to store and use it.

When we get in our cars every morning, we put on a seat belt. As we drive through our cities, we use our blinkers and mirrors, and check our blind spots. We do all of this to keep ourselves safe as we operate the vehicle. The vehicle makers have responsibility to build the car with features that will help us, and we are responsible for using these helpful features for our own safety.

That’s the attitude we have to adopt when it comes to technology: companies and individuals have to take proactive steps to be safe. Target had many procedures, policies, and protections in place to guard against infiltrations. But intruders still got in because that’s simply a reality of the big business, virtual world. We can’t rely on organizations, companies, and brands to protect our data in the way that we would. They simply can’t do it. One of the primary reasons is because they’re big targets — hackers will spend amazing amounts of time and energy trying to break large companies’ systems, more time that we can even imagine. It’s a waste of our time to threaten or blame big companies when they experience a reality of doing business in today’s world.

What to do moving forward

We can’t expect that companies will fully protect us. Instead, we have to attend to our personal data security as much as we attend to locking our front doors at night. Once we accept personal responsibility, it’s easy to take the next steps.

Don’t give up your data easily. When you use a credit card, you are choosing to share your personal data. When you opt for the convenience or deals of online shopping or the quick swipe of a card in-store, there is a cost — you are opening yourself up to a breach. If that convenience isn’t worth it, or if you are not willing to regularly change the passwords linked to those cards, don’t share your data. Go to a store and use cash.

Monitor your statements. Monthly statements are important, but you can check your daily activity by logging into your cards’ sites. See what was charged and in what amounts. If it sounds too taxing to do that card-by-card, there are credit monitoring services that you can pay for that will alert you to any atypical activity on your cards.

Limit the number of credit cards you use. Don’t apply for and open cards freely and casually. The fewer cards you have, the less data you have to share and to watch.

Don’t use one password for everything. Having only one password makes it easier for someone to access multiple accounts. There are password management tools that not only store your numerous passwords in a virtual vault, but can generate really safe passwords. LastPass and OnePass are great examples.

Most importantly, we have to start thinking of our personal data as being valuable. The world is changing and our data is as precious as our heirlooms and the money in our pockets. And just like those things, we have to be personally accountable for their safety.

—