Target. Quora. Twitter. Facebook. Equifax. The sheer number of massive hacks that happened in 2018 alone has given all of us data-breach fatigue. We know our personal data is probably compromised. We know it’s not a question of if but when we’ll get hacked. We just don’t know what we can do about it.
Unfortunately, the problem is even worse than it seems. Big, headline-grabbing hacks like those involving Cambridge Analytica or Equifax draw a lot of attention, but the attacks you don’t hear about do proportionally more damage. Ninety percent of data breaches affect small businesses, and 60% of small businesses that are hacked close up shop within a year. Meanwhile, in 2018, 90% of internet users aged 24 to 34 found their personal information on a scan of the dark web. Even sharing what seems like innocuous personal data – our phone numbers – is fraught with untold risks.
Big businesses pay millions for cyber-security protection yet still get hacked. Meanwhile, small businesses and consumers are left completely vulnerable, often with devastating results.
Instead of fixing the underlying problem and making our personal data safer, as a society we’ve thrown up our hands. We live with the uncomfortable assumption that this data will always be at risk. An entire industry of expensive, inaccessible cyber remedies has sprung up to play whack-a-mole with hackers instead of creating truly affordable, consumer-friendly solutions. Why? Because data that can’t be stolen can’t be sold. In the internet’s never-ending demand for more data, the individual’s right to privacy has gotten lost in the shuffle.
Obstacle to Democratization?
Consumer data is the 21st century’s biggest business. Tech companies have made billions by offering free apps or services with one easily ignorable catch: they own, share, or sell any and all user data that flows through them. This free-flowing data economy is dangerous for consumers and unintentionally compromises the affordability of cybersecurity for small businesses. With so much data flying around, hackers have more and more opportunities to steal and exploit it for identity theft, a massive problem that regularly drains billions each year from the economy.
While high-profile hacks motivate the largest companies to form robust cybersecurity departments, mobilize their huge budgets, and orchestrate the integration of multiple cybersecurity products, small-and-medium-sized businesses can’t afford these solutions yet suffer more for not having them. The best cyber solutions are too expensive for many to afford, which unintentionally makes small businesses—and the consumers who patronize them—an easier target for hackers.
Keep Data Private
The solution to protecting individuals and SMBs is a combination of government regulation, consumer action and greater innovation in the private sector.
More tactically, small businesses can go a long way today toward protecting themselves by leveraging many of the emerging and affordable tools now available to consumers–and then distributing them among employees and teams. Here are a few suggestions:
Better browsers. While Chrome is drifting more towards invasive policies and anti-user stances, browsers like Firefox and Brave include anti-tracking tools, ad blocking, and more. Consider these browsers for the laptops used by employees at your small business.
Password managers. According to a 2016 Verizon Enterprise report, 63% of confirmed data breaches were the result of hackers using weak or stolen passwords. Small businesses are notoriously bad at enforcing password policies; it’s a lot easier for a larger corporate IT department to mandate, and/or pay for, password-manager software like LastPass and 1Password. But if you’re a small business, you should consider this, because password managers work. And suffering a breach will cost a lot more than reimbursing your employees for the protective software.
Mobile-device policies. Employees at organizations of all sizes are increasingly doing company business on smartphones and tablets. But, again, smaller companies may have less-robust policies–and fewer people to enforce them–around security for phones and working from home. Password policies should apply to employee mobile devices, and they should receive automatic security updates.
Other privacy/security-focused apps. Consider recommending that your employees use services like the privacy-focused search engine DuckDuckGo. It gives users the information they seek without storing any search history data to be monetized as ad revenue. Companies like Telegram and even Facebook’s WhatsApp offer end-to-end encryption for truly private messaging. Even more complex solutions like VPNs are becoming more popular, too.
The technology consumers and small businesses need to protect themselves and their data is finally being made available on a mass level. Governments and private companies can talk about how they value user privacy and our data rights, but actions speak louder than words. It is up to users, and small-business managers, to take advantage of new tools and take a stand against those who would attack their privacy.
This post originally ran in smallbizdaily.
Written by Gal Ringel, the co-founder and CEO of Mine*, a company focused on empowering Internet users to know who holds their data and decide how it’s used. Ringel is a veteran of the Israel Defense Force’s Elite Cyber Unit 8200 and a former investor with Nielsen and Verizon Ventures.
* Denotes a Battery Ventures portfolio company. Battery Ventures provides investment advisory services solely to privately offered funds. Battery Ventures neither solicits nor makes its services available to the public or other advisory clients. The information above is based solely on the opinions of the author and should not be construed as investment advice. For more information about Battery Ventures, please refer to our website. Content obtained from third-party sources, although believed to be reliable, has not been independently verified as to its accuracy or completeness and cannot be guaranteed. Battery Ventures has no obligation to update, modify or amend the content of this post nor notify its readers in the event that any information, opinion, projection, forecast or estimate included, changes or subsequently becomes inaccurate.