Safety first
December 2018
Such is the relentless flow of data leaks and pilfering of our personal information from companies that ought to have kept it safer, I’m tempted to bring out a regular appendix to this column entitled ‘breach of the week’. It would list the mess-ups, muddles and successful data thefts that have been reported by some of the organisations who claim to ‘take the security of your data seriously’.
It wouldn’t be a riveting read, but there would be no shortage of material, because under new laws companies must publicise these blunders quickly. Hitherto, many were inclined simply to keep quiet. The news usually leaked out eventually, which, of course, made everything look worse. In business, there is a very old and good rule relating to bad news: tell it all and tell it fast.
As I write this, the juiciest two of the current crop are from Facebook and the Tory party. The Tories have a problem in this area; they somehow manage to look out of their depth much of the time. It must be especially galling for the them because the Labour Party are very sharp at the digital stuff.
This time the Tories set up a phone App for use during their conference, and then allowed it, briefly, to expose the phone numbers of all MPs and journalists who were registered with it; what’s more, users could edit the information. Predictably, some rascals had fun with some of the MPs photos. I doubt that much harm was done, but there is no doubt that the Tories were guilty of a breach of personal data security. They may be fined, and so they should be; when we trust our details to an organisation we don’t expect them to be passed around.
Then there is the recent Facebook calamity; a much more serious problem, at least in terms of scale. For a while (probably since 2017) hackers have been able to exploit a weakness in the website to view all the personal details of up to 90m Facebook users; names, addresses, credit card details, the lot.
The odd thing is it seems not to matter to Facebook users. Within my own circles I detect a sense of weariness about Facebook and a feeling that its time is over. I suspect, however, that we don’t know what we are talking about.
If you believe the headlines, the game is up. ‘Face book loses $100bn in value!’ Well, yes, but the share price is still higher than it was in May; in just three months this year it generated $13bn in revenue, up 40%, and user numbers were up 11%. It employs almost 50% more people than they did a year ago. It seems to be a money machine.
The truth is I suspect that 95% of its users don’t care about the data issues, and most of the 5% that do are still registered with it (like me). The cash keeps on rolling in.
So how should those of us who do care protect ourselves? It’s not easy, but there is one small step I can recommend which might help you sleep a little sounder. Stop storing your credit card details on shopping websites like Amazon and Marks & Spencer. I know it makes buying online even easier if you do, but it also means that your financial nether regions are exposed to any successful hacker that gets past the defences.
Just like the bank robber Willie Sutton, who said that he robbed banks ‘Because that’s where the money is’, hackers go after the likes of Facebook and Amazon because that’s where the data is.
So, please, think twice before storing your cards on a retail website. They will all be hacked sooner or later.
A little more to look at:
Facebook Statement: You can read what Facebook themselves say about the breach here by clicking here.
Tories
Click here Watch the Conservative Party Chairman say predictably, that ‘they take it seriously’. I am amused that he boasts that they are ‘in touch with the Information Commissioner’ as if it shows how serious they are, without mentioning that they don’t have a choice. The legal wording is “Organisations … must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms.”
