In 2011, we experienced the dark side of social media sharing when New York Representative Anthony Weiner accidentally tweeted a suggestive photo that was never meant to be public. Even though he deleted the image minutes later, the damage was already done: the image was viewed, saved, and shared – creating a scandal that would eventually lead to his resignation. Now that scandalous image is still out there - and it’s going to stay that way. These highly publicized circumstances should give pause to anyone concerned about data security and the growing accessibility of information. The truth is, whether information is meant to be public or private, everyone should be concerned about data security issues, from organization-wide right down to each individual.
So how can organizations and individuals protect themselves from information security debacles, especially considering the prevalence of social media sharing?
Unfortunately, many people are unaware of just how much personal data is already accessible – and how easy it is to find certain information. Take Spokeo, for example. Anyone reading this blog post can jump over to Spokeo and look up a name, and, with very little information or effort, can find a corresponding address. Many people are flat out surprised to learn just how much personal information is potentially available out there. Now what if a criminal has access to not only your name, but also your birth date and/or your social security number?
Not only is your data available, it’s also almost impossible to bury once it’s made available on the web. If your data was made public just once, it’s now permanently public. Period. Even if you remove the data in question (cease and desist order or not), it’s likely your data is now stored elsewhere, possibly archived by others, potentially for later use.
So the reality is that your data is very likely still out there somewhere (possibly in multiple places) - and there’s nothing you can do about it.
Protection Starts at the Source
As more entry-level workers grow up freely engaging in social media sharing, the need to address overall organizational data security also grows. The accessibility of all data and the spread of accessible data is often overlooked or underappreciated, potentially resulting in serious consequences for organizations that hire individuals exhibiting this lack of awareness and/or who are not educated on overall data security issues.
Fortunately, there are multiple ways to address potential data security concerns. Remember, the best method is always prevention, as it’s much more difficult (if not impossible) to correct a data security issue after the fact.
Here are your best defenses...
Educating on Data Sharing. Widespread media integration isn’t going anywhere – and that’s typically a good thing for our society. However, your people need to know and understand the implications of sharing personal and company information and media online and the severity of the consequences that come with misuse, especially when it comes to social media. Ensuring this education takes precedence over simply establishing company policy without the backup of true understanding.
Enacting Data Security Policies. Organizations should write and enforce internal policies regarding the accessibility and sharing of protected information when using web services. This should include the big stuff (like clearance levels on and protection of sensitive customer information, such as credit card numbers), as well as the “little” stuff, (such as documenting the appropriate information to share when signing up for a company Facebook page, or registering on a website like MKE123, or when filling out forms or surveys online. [Read more: Common Sense: A Guide to Social Media Policy]
Reading Terms and Conditions. How many times have you clicked right past the Terms and Conditions, checking the I Understand box without bothering to read anything? Instead, always read the Terms and Conditions of all websites and software you use. This applies to individuals and organizations alike. Sure, no one reads that stuff and it takes a long time to read – but hey, those website and software development companies know you’re not paying attention to their Terms and Conditions. Many social media sites lay claim to your information, sometimes whether your profile is public or not. This means you’re giving away free information to a company who knows they can do whatever they like with it.
Understanding and Changing Security Settings. It’s important to understand which portions of your digitized information are accessible to the web-surfing public. Review your security settings carefully to be sure you’re only sharing with those people you know, instead of the whole world. You can discover how other people view your data by googling your name. (Be sure to sign out of all your accounts beforehand to get a true picture.)
Advocating for Simplified Terms and Conditions. This is not to say companies should put themselves at risk. Instead, wouldn’t it be helpful if that loooooong set of Terms and Conditions contain all the legalese required, but perhaps with a half-page summary at the top that briefly explains those Terms and Conditions in an understandable format? And how about extending the same courtesy whenever changes are made?
Lobbying for Reasonable Personal Rights to Damaging Personal Information. There is a strong case for allowing individuals to remove damaging information, and an even stronger case for a helpful and responsible approach to the removal of blatant personal misinformation from the web. This is a delicate issue in the United States, as many consider this a matter of free speech. As such, these types of privacy laws are much more prevalent in the European Union (EU), such as under the Data Protection Directive, for example. This directive prevents the sale of personal information without permission, and more.
With awareness, education, and advocacy, the future of data security looks a lot brighter for all of us. Stay connected with individuals and organizations (like SmartWave) to ensure you stay informed on data security and other issues we face as the future of technology continues to unfold.