Capital One was hacked. The person who stole all of their information exploited a simple, rookie error in their firewall and gained access to millions of applications from small businesses and individuals. The applications dated back to the early 2000s and were just stored there. Not encrypted, not deleted after some period of time. They were in the digital equivalent of an open container labeled, “Treat with care, lots of personal information inside. No peeking.”
Experian was hacked. Three years ago culprits stole all the information users had given to T-Mobile for credit checks.
Equifax got hacked. Largest hack in recent memory.
How did the hackers get in? They used a bruteforce attack with millions of computers and the best resources from China, Russia and North Korea…No, they exploited a vulnerability in Apache that Equifax had known about for months and never bothered to fix. It took the thieves two months to get all the data they wanted and no one noticed. Two months. I guess Equifax was too busy selling credit protection for people who carelessly gave shoddy companies their personal information to worry about security.
The list goes on: Facebook, Verizon, TJ Maxx, Target et al.
So, let’s stop pretending that a) companies can protect your data, and b) that they are even trying. Honestly, they don’t care. $700 million fine for Equifax? Sadly, they may not turn as big a profit this year. $5 billion fine for Facebook? Their stock goes up because Wall Street thought the fine would be bigger.
It’s a joke. But who’s laughing?
You shouldn’t be. These companies profit off of your information. It’s yours. They take it from you (or you give it to them) and they sell it, or leave it lying around the floor and then sell you products to protect you from their carelessness. I was in Las Vegas during the Mafia’s final days. I can tell you, mobsters are no match for these companies. The only difference is that this type of extortion and robbery is legal.
What can you do?
First, stop making it easier to access your data. It is hard to not to provide information when you apply for credit, or a mortgage, or even a job, but there are hundreds of other ways people give up their information when they don’t have to. “It’s too late,” you say, “the damage is done.” Wrong, databases get updated all the time, and information can be rewritten. Start putting in bad information now, change your habits and the system will choke. It depends on you willingly being a sheep.
Tips for protecting yourself (because no one else is looking out for you)
Don’t give out your cell phone.
Want to protect yourself from malicious robocalls? Here’s an idea – don’t give away the phone number you are likely to keep for the rest of your life to everyone who asks for it.
Google wants your phone to protect your identity. No. Two factor identification can work with email.
Twitter wants my phone so I can tweet. No. Just say no.
All of these companies have options for customers who don’t provide a cell phone number. Use them. I don’t and I have some of these accounts. Don’t be lazy. Protect your phone. Say no. Say it again. “No.” “Hell, no.” Feels good.
Stop thinking the net owes you everything for free.
It is a truism of business that when you start a company, equity is your most important asset. Don’t give it away to everyone for nothing. The same is true for your personal information. Pay for things so that you are not the product. And if someone wants you to pay and still steal your information, buy a different product (I’m looking at you, Google). You don’t need Gmail. At least you don’t need Gmail more than you need a mortgage when your identity gets hacked.
Avoid loyalty programs.
Why do you think they give you discounts in exchange for your information at supermarkets, clothing stores and restaurants? Because they like you so much they are willing to pay for your loyalty? No, because they often make more money selling your information than selling you the goods they pretend to sell. Here is the deal: you pay them money, they give you goods. Owning your identity is not part of the deal. I shop at Vons mostly. They have a stupid loyalty program. Every time I go, I ask for a card and application. They give me one, swipe it and hand me the application. On my way out, I toss the card and the application. I figure I cost them a dollar each time I do that and I get the discount and they get no information. If we all do that, they have to stop. It’s easy.
Ecosystems benefit companies and monopolies, not you.
Think it makes sense to use an Apple phone, iPhone, Apple Pay, iTunes and everything else Apple wants you to use because it’s integrated? It does – for Apple. Change things up a bit. Use Bing on your Google phone. Use Mapquest so that Google doesn’t sell you location data. Turn off every app that wants your location, or spend twenty minutes limiting the info you voluntarily give your phone OS provider after you paid them $1,000 for the phone.
It doesn’t matter what your mother told you, sometimes it’s ok. What’s your phone number? 714.555.1212. It works on TV, so try it in real life. My email? Nunya@business.com. You don’t owe anyone real, truthful answers. Get disposable email accounts. Use them like trash and move on. Get what you want and deny these companies what they want. You owe them nothing, my friends.
Seriously, call your congressperson and your state representatives. Tell them you are tired of having no privacy rights. You are tired of having no protection. And then tell all of your friends. Go on Yelp and complain about the companies that insist on getting your information and then treat it like it has no value once they sell it. Getting mad brought on civil rights, stopped a tank in Tiananmen Square and makes companies think twice before giving political money to questionable causes.
Make a difference.
Think you can’t? You can. Companies fear you. The plural you, but it doesn’t take a lot of people to make a difference. A few people (loudly) saying no and these greedy companies pay attention. And if they don’t, a competitor jumps in and tries to fill the void. It’s all about money. Stop rewarding companies that make theirs by stealing who you are.
Why is this the subject of a company’s business blog? Two reasons: first, we often advise people and companies on how to protect data. It is part of what we do. It makes us sick to hear these stories over and over again.
Second, selling your most important asset and letting others treat it like it means nothing is bad business. And we are all about helping businesses succeed. It’s how we make our money, and no, we don’t collect or sell your personal information. If we get hacked, we have nothing on our servers of value.
Do you have suggestions for protecting your info? Send us some suggestions and we will print the best ones in our next blog.