How Safe Is Your Personal Big Data?


      Bookmark and Share

BEST PRACTICES SERIES

You say you don't have any personal Big Data? Not worried about cloud storage? Think again. Private data, including passwords, are breached almost every month. WikiLeaks is the poster child for loss of massive amounts of classified information, all due to poor oversight of personal external drives. Most recently the case of Mat Honan, a Wired magazine journalist, comes to mind. Privacy breaches and lost data aren't always due to personal carelessness, although that is often a contributing factor.

Loss of privacy or data isn't a new problem. Think back to the 1990s, when many of us moved from dial-up to broadband for our personal computers. I saved all my digital information on an offline 100MB Zip drive and got barely 25 emails each day. Separately, I ran a firewall tool that came with my broadband service to see who might be trying to break into my PC. I was surprised how many probes there were, most from far-flung countries that I would never choose as vacation spots.

Fast-forward to today. I have a multigigabyte USB drive (that I lost for a while), personal data scattered throughout popular social media sites, hundreds of emails daily, hundreds of passwords to keep track of, several antivirus and firewall services. The boundary between my work and personal life is fuzzy. I've read the notice that I should have no expectation of personal privacy at work, and I have decreasing expectations of privacy at home.

Now back to Honan's story. He lost irreplaceable pictures on his Mac; his iPhone and iPad data was also wiped; and he lost all his many years of Google email. In Honan's case, he contributed to his problem, but he was also an innocent victim. The classic shoemaker's son who didn't wear shoes, he never backed up his Mac (thus he could not retrieve the lost files). Yet he was also an innocent victim, losing everything else not due to technical genius hackers (of which there are many) but to a smooth-talking criminal.

If it can happen to Honan, it can happen to anybody. As in Honan's case, there is no perfect protection, only mitigation options. What can we do to protect our information and our privacy? To simplify, let's take smartphones out of the equation and assume two-factor authentication isn't practicable even though it can be a powerful piece of the solution. (Your ATM card and private pin are an example of two-factor authentication.) Perhaps you use too many PCs or do not always have access to authentication software, available even as apps these days. Here is a three-question test to assess your own vulnerabilities. First, do you use strong passwords? Your strong passwords should mix numbers, alpha, and other characters in uppercase and lowercase. Make part of each password updatable so you can periodically change them but maintain their strength. Consider using fake secret answers too-our parents' names are publically available. Then store your list of passwords and secret answers in a strongly password-protected file of your choosing such as Word or Pages.

Second, is your USB drive password-protected and encrypted? If not, buy one that is. Transfer files (including your password-protected list of passwords) from the old USB to the new one, create a strong password to protect the new drive, and smash the old one to smithereens.

Finally, do you back up your files to offline storage? You can supplement those backups with a cloud-based backup services if you choose, but-call me a Luddite-you lose control when you do that. Cloud security is a very complex topic to assess. Using cloud storage requires an act of trust in the vendor you choose. At this time, I believe none has a sufficiently credible track record to entrust all your files with them. If you already use one of the popular cloud storage or sharing services, consider storing only items there that wouldn't be a disaster if compromised. Of course, do not store your password-protected list of passwords there or anywhere online. We can't avoid cloud storage or applications such as email completely, but no less than Steve Wozniak was quoted in the trade press recently saying that he was worried about the cloud. "I really worry about everything going to the cloud ... I think there are going to be a lot of horrible problems in the next five years." If I am a Luddite, I am in good company.

How did you do on the test? The future will provide your grade.