For #CyberSecurityAwarenessMonth, I'd like to start with a basic assumption we often seem to overlook:

If you don't need the data, don't keep it. Or put another way: you can't lose what you don't have.

Cheap (virtually unlimited) storage encourages us all (people and organizations) to keep lots of sensitive data we don't need - and there are plenty of examples of that coming back to bite people in sensitive places.

As #CyberSecurityAwarenessMonth winds down to the final few days, I'd like to bring up a few #OnlinePrivacy thoughts - after all, privacy and security ride in the same cart, even if they aren't exactly the same. Sadly, online communications these days don't make it easy to understand your privacy options or protections. So here are a few concepts to help guide you.

  • If you post it online, it never goes away. - This is primarily about social media solutions, but it is a general guideline to remember anyway. So when you post something, know that it will be there in 10, 20, 30, 40 years. Even deleting a post later doesn't really mean it goes away, unless you live somewhere covered by GDPR data protections, and even then things are iffy.

  • Stop sending private data via 'Internet postcards.' - SMS/MMS (texting) and email (along with many instant messaging solutions) are effectively the same as postcards through the regular mail. The post office can read your postcard, and the local postal carrier can read it too - would you post your SSN, credit card number, or other private data on a postcard? I certainly hope not. These online solutions are the same: your cellular provider (and your recipient's provider) can read your SMS messages. Every email forwarding system between your mailbox and your recipient's can read your email. And every free email solution I'm aware of (Gmail included) is mining your inbox for advertising data to share your preferences and interests with advertisers. That means they have algorithms and even possibly AI reading your email - so that stuff is intentionally slurping up all those postcards.

  • Do not confuse "will not share" with "cannot share" your data. - If an online solution tells you they won't share your data, that can mean they have the ability to see and read your data, but they will not use it beyond whatever they feel they can do with it short of sharing it out. That's a choice they are making. That's also a promise they're making to you - that your data will be protected from a breach situation as well (we know what an empty promise that can be these days). However, when a company tells you they cannot share your data because even they can't actually read your data, you've got something going. @signalapp is one of this group of organizations. They, and their peers (of which there are disappointingly few), are not promising they'll "choose" to respect your privacy subject to the whims of their C-suite; they're promising you they can't violate your privacy with regard to the content of your messages because they can't read the payloads anyway (and neither can anyone but your intended recipients - to within the best of everyone's abilities). So read privacy statements carefully, and pick good communications solutions to protect your privacy.

Following these three guidelines won't guarantee your privacy online, but they will help significantly.