Welcome!

Industrial IoT Authors: Yeshim Deniz, Elizabeth White, Stackify Blog, SmartBear Blog, Liz McMillan

Related Topics: Cloud Security, Industrial IoT, Microservices Expo, Cognitive Computing , Agile Computing, Apache

Cloud Security: Blog Feed Post

Encrypt My Information, Please

When you provide that information to a company, what do they do with it?

By: Leigh Goldie

For the last few months, security breaches have been on the rise (or let’s just say have been receiving more news coverage). We have seen countless stories of large, popular websites being compromised by unknown, or later identified, hackers. The quest, it seems, is to determine how easy it is to access the personal information of customers from any popular company. The hackers are proud of their accomplishments, as they have gained access to tens of millions of users account information. But it seems they have a message for corporations – encrypt your customers’ personal information. But are companies being proactive?

When you personally work with any company – be it a bank, hospital, university, or social media site – as a customer you are providing them with personal information. This includes credit card numbers, account numbers, social security numbers, birthdates (which are easy to find in other places too), health information, passwords and more.

When you provide that information to a company, what do they do with it? They place it in a database for easy access whenever you need more information, want to purchase something, or have questions about your account. When they create their database, from their point of view, they look at storing information based on ways it will assist their company’s financial success. But now with the recent breaches occurring, it is essential for them to focus more on the importance of encrypting their customers information for their company’s and customers’ protection.

If you’ve never had an account compromised, talk to someone who has (I promise they will be within six degrees of Kevin Bacon). Ask them what happened, what they lost (financially or personally), and how hard it was to fix the breach or their credit scores. Unfortunately, they all have stories. Your goal should be to avoid those occurrences in your life by being proactive.

To do this, I have an idea. I would like to start a grassroots campaign where regular, ordinary people like you and me begin writing large companies demanding that our personal information be encrypted. Who should we write? Name a large company with whom you have been a long time customer. Got it? Now think of one more. It’s easy to come up with at least two companies which you have given personal information. I know I can come up with at least five off the top of my head. But if you need extra ideas, see the list below. It includes banks, credit card companies, insurance companies (auto, medical, health and life), financial companies, stores where you buy big ticket items, social media sites, and more.

Take five minutes to write a letter or simply copy and paste mine below. Sign your name at the bottom and make sure you include your contact information. Then, go to the privacy portion of their website. There you will find their privacy policy for your personal information. Under updating your personal information, or something similar, find their Send a Request to email address. From there, email your letter. Or to make a bolder statement so that there is a tangible copy in hand, use the address provided on that page for snail mail.

Another easy way to getting this point across is through a nonpartisan petition I created. You can find it here. It is written for the United States House of Representatives asking them to create a bill to securely encrypt consumers information within corporate/organizational databases. I plan to submit it to a few representatives from both parties that are either in or near my district in Ohio, or ones that I am betting would support this based on committees in which they have served. Please support this by signing the petition and encouraging your friends and family to do the same.

Cause and effect is a really important point that many companies and people within those companies do not take seriously enough. Help them see the light. Send them a letter telling them that you as a customer demand that your personal information be encrypted and secured before a security breach within their organization occurs. When they begin to hear this from a multitude of customers and constituents, they may just be encouraged to act.

If you would like to let us know to which companies you have sent a letter, or received a reply back from any company that you would like to share, you can reach us at [email protected]. You will find my example letter below along with a list of various large companies that you may be interested in contacting. Look at your monthly bills to add or create ideas of who to contact. I will keep you posted on the outcome of the petition, and thanks in advance for your signatures. Together, I know we can get this done.

To Whom it May Concern:

As a longtime customer of your company, I would like to know how and how well you encrypt my personal information within your company’s database. With the recent multitude of security breaches taking place, I believe it is essential to keep my personal information, including social security numbers, passwords, medical and insurance information, credit card information and contact information secure within your organization. Please let me know if the information is encrypted and what measures your company takes to ensure that my personal information is secure.

I am requesting a personal response and look forward to hearing from you soon. My contact information is listed below. Thank you for your time and attention.

Sincerely,

Your Name
Your Address
Your City, State Zip Code
Your Phone
Your email address

 

Here are links and other contact options to largely used websites that you may want to target if you are a customer or user:

Amazon Privacy Policy
Contact Amazon: If you do not have an Amazon account, click on the “Skip sign in” Link.

AT&T Privacy Policy
Contact AT&T: Email them at [email protected] or write to them at AT&T Privacy Policy, 1120 20th Street N.W., 10th Floor, Washington DC 20036.

Bank of America Privacy Policy
Contact Bank of America or Click on the feedback link at the bottom of this page

Chase Online Consumer Practices – note, even if you have a Chase account, it is the same as Bank of America.
Contact Chase: You will find a variety of contact information here.

Discover Card Privacy Policy
Contact Discover: 1-877-256-2632 or log into your account to email them. Address: Customer Service – General Inquiries, Discover Financial Services, P.O. Box 30943, Salt Lake City, UT 84130-0943.

Facebook Data Use Policy
Contact Facebook: Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025 or

LinkedIn Privacy Policy
Contact LinkedIn: You will need to be logged into your LinkedIn account.

Morgan Stanley
Contact Morgan Stanley: US Privacy and Data Protection Counsel, Legal and Compliance Division, Morgan Stanley & Co. LLC, 1221 Avenue of the Americas, 35th Floor, New York, New York 10020

Sprint Privacy Policy
Contact Sprint: Office of Privacy – Legal Department, Sprint Nextel, P.O Box 4600, Reston, VA 20195. It says they will respond to requests within 30 days.

Verizon Privacy Policy
Contact Verizon: Privacy Office at [email protected] or write to Verizon Privacy Office, 1320 North Courthouse Road, 9th Floor, Arlington, VA 22201. Fax: 703-351-3669.

Yahoo Privacy Policy
Help for Yahoo! Account
Write to Yahoo! Inc., Customer Care – Privacy Policy Issues, 701 First Avenue, Sunnyvale, CA 94089. You can also call them at 408-349-5070.

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.

IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...