Privacy: Some crave it, others don't. Yet in this world of social media over-sharing (though that's the curmudgeonly INFJ personality type in me talking), there apparently are many everyday citizens who expect to save a few of their personal details for themselves.
I find that heartening, especially when cringing during those times I've seen friends, acquaintances and not-so-close connections bearing their souls through the posting of Facebook updates (leaving aside, of course, mentions of Myers-Briggs test results). Yet, that desire for privacy and keeping sensitive data safely in one's mind (and/or pocketbook) might be a wee bit naive if one accounts for the more than 4.8 billion data records that have been exposed since 2013, according to Gemalto's H1 2016 Breach Level Index.
Identity theft is at the top of the data breach food chain, accounting for 64 percent of all breaches, the Index states further. And while that's no surprise, really, what is a little perplexing are the responses Gemalto received to its 2016 Data Breaches and Customer Loyalty report. Sure, according to this report, about 60 percent of the 9,000 consumers globally surveyed are worried about being victims of a breach. And, yes, nearly 80 percent use social media, but only 58 percent think these platforms are risky. About 90 percent use online or mobile banking. Meanwhile, a mere 34 percent think these applications leave them vulnerable. Another 30 percent think companies take their personal data security very seriously.
There is concern and care about how companies are or are not acting as good shepherds of personal details. At the same time, there is the continued use of services and applications that people think could lead to personal data being exposed or breached. That's where an interesting stat comes into play: 70 percent of respondents believe companies are responsible for protecting their data versus the other 30 percent who say they themselves hold some responsibility in that endeavor.
Organizations are beholden to their customers and clients. Once an enterprise or group agrees to track or take on any personal or sensitive information from individuals, the onus is theirs alone to keep it safe and sound from dastardly cybercriminals. Facts are facts.
However, individuals should be educating themselves in whatever ways they can about the technological tools, applications and services they're using. They should know a bit about the possible risks and take whatever measures they can themselves to help in protecting themselves and their data.
Of course, there are some folks who just aren't that willing or able to grasp some of the cybersecurity risks they face. Believe me, like all of you, I have a mom and, like many of you, help her constantly on these matters. But, a little assistance here from companies doesn't hurt either.
A longtime industry friend of mine, well before it was popular, was sending out customer newsletters on internet risks maybe 10 or so years ago. He created a special section on his company's site just for their customers about data breaches, regulations, identity theft and help people can get from his company, other groups, law enforcement and government agencies. He followed up internal security and awareness training sessions with tips about how they also could protect themselves and their loved ones at home. He and his staff participated in educational programs at local schools.
Some in this industry steadfastly believe training the average end-user is useless. They often contend they don't care about security, they can't learn about security, they won't listen, they don't retain what information is given, yadda, yadaa… I think that is one hell of a negative and short-sighted view. Of course, there will be those who just don't get it. Then there are those who do and who bolster you and your company's security initiatives in ways they you may not expect.
Without security, we don't have privacy. We all have roles to play. Given the knowledge we who live the information security field everyday have, sharing it is just the right thing to do. And, ultimately, it could be one hell of a mighty beneficial one that helps both privacy and security aims.