Button Up

How to Keep Personal Data Secure

Pavel Korobov
4 Feb 2015

Personal data has exceptional value for hackers. In 2014, hackers compromised user account information at many major services, such as Sony PlayStation Network, Gmail.com, Mail.ru, Yandex.ru, Xbox Live, HTC, McDonalds, AT&T, China Railways and many others. Today we want to talk about how to keep personal information secure in cyberspace.

Many of today's security systems are based on protecting users' personal information, so a data leak can weaken security not only for a specific user or site but for the Internet in general.

Each security breach leaks personally identifiable information, and the effect is cumulative. The Internet stores a huge amount of personal data that hackers can steal and combine into a full profile of each Internet user. Cyber thieves can get access to a personal account on a website or to a bank account with just a few pieces of stolen personal data.

Two types of personal data

Personal data is a very broad concept that includes a variety of information that can be used to identify individuals. Such data can be divided into two types: static and dynamic.

Dynamic personal data includes information such as credit card numbers, bank accounts, email addresses and passwords. Such information can be changed at any moment if it is compromised.

Static personal data, such as date and place of birth or passport number, is much more valuable to hackers. Even your mother's maiden name is static personal data. Such information cannot be changed after a leak, so its exposure lowers a person's overall level of security.

Everyone loses something

When a website is hacked, both the web service and its users lose. For companies, the loss of customer data results in adverse publicity and high costs in the best case. A mass data leak costs a company about $60 million in direct costs. In the first quarter of 2014, the global retail market fell by 5 percent because of multiple personal data leaks. People are simply afraid to buy from internet stores and prefer not to spend money online.

Users should also be responsible

Transferring part of the responsibility for data security from the service provider to the end user can benefit both parties. Consider authentication by security questions, where the system asks the user to enter personal information such as "favorite color". To prevent an answer from being guessed by accident, many sites use very specific questions whose answers the user does not remember, for example "Please, enter the name of your first teddy bear."

Let users choose their own security questions. In that case they will use information that is little-known and not publicly documented.

In addition, you can give your users more transparent information about their online activity, such as the time and place of the last login, which allows them to detect hacking attempts. Even the most sophisticated intrusion detection system may not be as effective as the end user: "Hey, I was in China yesterday. Something is wrong here!"

Use of personal data

Nobody wants to believe that the level of safety of his or her personal data is very low, but it helps to take a sober look at reality. We can compare the safety of personal data to human health. In both cases, there is a risk of loss.

Preparing measures to protect personal data against leaks helps companies understand that they are an integral part of a global ecosystem that contains the personal data of all users. After all, if one company's web service is hacked, it can lead to leakage of data from many other web services. We are all closely interrelated.

Readiness for hacking attacks is the best method of protection. Here are three strategies that will help you to protect users' personal data:

Modification of passwords and use of hashes. One-way encryption (hashing) of passwords should be applied universally, because strongly hashed passwords are very costly to crack.

Do not rely on static personal data. It is likely that data such as a passport number is no longer a secret. Once such data has been made public, it is difficult to change. This undermines the overall security of personal information on the Internet.

Do not store personal data for a long time. Suppose that hackers obtain some data stored on the company's servers. Purging sensitive data that no longer provides any benefit, for example data from accounts that have been closed, reduces the value of the information leaked to hackers.
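The first and third strategies above can be sketched in a few lines of Python. This is an added example, not code from the original article: the per-user salt, the choice of PBKDF2-HMAC-SHA256, the iteration count, the 90-day retention window and the account layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

ITERATIONS = 600_000            # assumed PBKDF2 work factor; raise as hardware improves
RETENTION = timedelta(days=90)  # assumed retention window for closed accounts


def hash_password(password: str) -> dict:
    """Return a storable record: random per-user salt, work factor, one-way digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def purge_closed_accounts(accounts: dict, now: datetime) -> list:
    """Delete accounts closed longer ago than RETENTION; return the removed ids."""
    expired = [uid for uid, acc in accounts.items()
               if acc["closed_at"] is not None and now - acc["closed_at"] > RETENTION]
    for uid in expired:
        del accounts[uid]
    return expired


def demo() -> dict:
    now = datetime(2015, 2, 4, tzinfo=timezone.utc)
    accounts = {  # constructed sample data
        "alice": {"pw": hash_password("correct horse"), "closed_at": None},
        "bob": {"pw": hash_password("correct horse"), "closed_at": now - timedelta(days=200)},
        "carol": {"pw": hash_password("hunter2"), "closed_at": now - timedelta(days=10)},
    }
    # Same password, different salts: the stored hashes must not match.
    same_pw_differs = accounts["alice"]["pw"]["hash"] != accounts["bob"]["pw"]["hash"]
    removed = purge_closed_accounts(accounts, now)
    return {"same_pw_differs": same_pw_differs, "removed": removed,
            "remaining": sorted(accounts),
            "login_ok": verify_password("correct horse", accounts["alice"]["pw"]),
            "login_bad": verify_password("wrong", accounts["alice"]["pw"])}


if __name__ == "__main__":
    print(demo())
```

Storing the iteration count with each record lets the work factor be raised later without invalidating existing hashes.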

Companies are now looking for a compromise between the security of personal data and its use for marketing purposes. But do not forget that static data should be kept secret. Even government websites should not use it for identification. The French online tax system issues a digital certificate during registration, and this certificate is then used to access the site. This authentication method is much safer, because the certificate can be deleted and replaced by another one if it is compromised.

Software for data protection

Companies should remember that their internal information must be adequately protected to prevent leakage of sensitive data.

There are plenty of products that help to preserve the integrity of data and protect against hackers, but when it comes to more complex and specific problems, such as protecting software source code or corporate document flow, the number of products on the market is much smaller.

Let's consider two products designed to solve such tasks:

StarForce C++ Obfuscator. The solution is designed to protect source code and data used in applications written in C and C++. This complex and feature-rich product bears little resemblance to the primitive tools that are widely distributed on the Internet and are often ineffective. StarForce C++ Obfuscator is designed for large and labor-intensive projects that require hack-proof protection to keep important information safe.

StarForce Content Enterprise is not just simple software; in fact, it is a series of measures that should be implemented at any company to protect the confidentiality of all enterprise documents, which also contain personal data. The solution is deployed within the company and protects documents both inside and outside the perimeter of the corporate information system.

These are not just precautionary measures; protecting the confidentiality of data is a necessity in a world with growing cybercriminal activity.
