Welcome!

Industrial IoT Authors: Elizabeth White, Stackify Blog, Yeshim Deniz, SmartBear Blog, Liz McMillan

Related Topics: Cloud Security, Industrial IoT, Microservices Expo, Cognitive Computing , Agile Computing, Apache

Cloud Security: Blog Feed Post

Encrypt My Information, Please

When you provide that information to a company, what do they do with it?

By: Leigh Goldie

For the last few months, security breaches have been on the rise (or let’s just say have been receiving more news coverage). We have seen countless stories of large, popular websites being compromised by unknown, or later identified, hackers. The quest, it seems, is to determine how easy it is to access the personal information of customers from any popular company. The hackers are proud of their accomplishments, as they have gained access to tens of millions of users account information. But it seems they have a message for corporations – encrypt your customers’ personal information. But are companies being proactive?

When you personally work with any company – be it a bank, hospital, university, or social media site – as a customer you are providing them with personal information. This includes credit card numbers, account numbers, social security numbers, birthdates (which are easy to find in other places too), health information, passwords and more.

When you provide that information to a company, what do they do with it? They place it in a database for easy access whenever you need more information, want to purchase something, or have questions about your account. When they create their database, from their point of view, they look at storing information based on ways it will assist their company’s financial success. But now with the recent breaches occurring, it is essential for them to focus more on the importance of encrypting their customers information for their company’s and customers’ protection.

If you’ve never had an account compromised, talk to someone who has (I promise they will be within six degrees of Kevin Bacon). Ask them what happened, what they lost (financially or personally), and how hard it was to fix the breach or their credit scores. Unfortunately, they all have stories. Your goal should be to avoid those occurrences in your life by being proactive.

To do this, I have an idea. I would like to start a grassroots campaign where regular, ordinary people like you and me begin writing large companies demanding that our personal information be encrypted. Who should we write? Name a large company with whom you have been a long time customer. Got it? Now think of one more. It’s easy to come up with at least two companies which you have given personal information. I know I can come up with at least five off the top of my head. But if you need extra ideas, see the list below. It includes banks, credit card companies, insurance companies (auto, medical, health and life), financial companies, stores where you buy big ticket items, social media sites, and more.

Take five minutes to write a letter or simply copy and paste mine below. Sign your name at the bottom and make sure you include your contact information. Then, go to the privacy portion of their website. There you will find their privacy policy for your personal information. Under updating your personal information, or something similar, find their Send a Request to email address. From there, email your letter. Or to make a bolder statement so that there is a tangible copy in hand, use the address provided on that page for snail mail.

Another easy way to getting this point across is through a nonpartisan petition I created. You can find it here. It is written for the United States House of Representatives asking them to create a bill to securely encrypt consumers information within corporate/organizational databases. I plan to submit it to a few representatives from both parties that are either in or near my district in Ohio, or ones that I am betting would support this based on committees in which they have served. Please support this by signing the petition and encouraging your friends and family to do the same.

Cause and effect is a really important point that many companies and people within those companies do not take seriously enough. Help them see the light. Send them a letter telling them that you as a customer demand that your personal information be encrypted and secured before a security breach within their organization occurs. When they begin to hear this from a multitude of customers and constituents, they may just be encouraged to act.

If you would like to let us know to which companies you have sent a letter, or received a reply back from any company that you would like to share, you can reach us at [email protected]. You will find my example letter below along with a list of various large companies that you may be interested in contacting. Look at your monthly bills to add or create ideas of who to contact. I will keep you posted on the outcome of the petition, and thanks in advance for your signatures. Together, I know we can get this done.

To Whom it May Concern:

As a longtime customer of your company, I would like to know how and how well you encrypt my personal information within your company’s database. With the recent multitude of security breaches taking place, I believe it is essential to keep my personal information, including social security numbers, passwords, medical and insurance information, credit card information and contact information secure within your organization. Please let me know if the information is encrypted and what measures your company takes to ensure that my personal information is secure.

I am requesting a personal response and look forward to hearing from you soon. My contact information is listed below. Thank you for your time and attention.

Sincerely,

Your Name
Your Address
Your City, State Zip Code
Your Phone
Your email address

 

Here are links and other contact options to largely used websites that you may want to target if you are a customer or user:

Amazon Privacy Policy
Contact Amazon: If you do not have an Amazon account, click on the “Skip sign in” Link.

AT&T Privacy Policy
Contact AT&T: Email them at [email protected] or write to them at AT&T Privacy Policy, 1120 20th Street N.W., 10th Floor, Washington DC 20036.

Bank of America Privacy Policy
Contact Bank of America or Click on the feedback link at the bottom of this page

Chase Online Consumer Practices – note, even if you have a Chase account, it is the same as Bank of America.
Contact Chase: You will find a variety of contact information here.

Discover Card Privacy Policy
Contact Discover: 1-877-256-2632 or log into your account to email them. Address: Customer Service – General Inquiries, Discover Financial Services, P.O. Box 30943, Salt Lake City, UT 84130-0943.

Facebook Data Use Policy
Contact Facebook: Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025 or

LinkedIn Privacy Policy
Contact LinkedIn: You will need to be logged into your LinkedIn account.

Morgan Stanley
Contact Morgan Stanley: US Privacy and Data Protection Counsel, Legal and Compliance Division, Morgan Stanley & Co. LLC, 1221 Avenue of the Americas, 35th Floor, New York, New York 10020

Sprint Privacy Policy
Contact Sprint: Office of Privacy – Legal Department, Sprint Nextel, P.O Box 4600, Reston, VA 20195. It says they will respond to requests within 30 days.

Verizon Privacy Policy
Contact Verizon: Privacy Office at [email protected] or write to Verizon Privacy Office, 1320 North Courthouse Road, 9th Floor, Arlington, VA 22201. Fax: 703-351-3669.

Yahoo Privacy Policy
Help for Yahoo! Account
Write to Yahoo! Inc., Customer Care – Privacy Policy Issues, 701 First Avenue, Sunnyvale, CA 94089. You can also call them at 408-349-5070.

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.

IoT & Smart Cities Stories
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
Early Bird Registration Discount Expires on August 31, 2018 Conference Registration Link ▸ HERE. Pick from all 200 sessions in all 10 tracks, plus 22 Keynotes & General Sessions! Lunch is served two days. EXPIRES AUGUST 31, 2018. Ticket prices: ($1,295-Aug 31) ($1,495-Oct 31) ($1,995-Nov 12) ($2,500-Walk-in)
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...