Data Security – Your private data was exposed. What does that mean?

Whenever you put data on a computer, taking steps to secure data it is a requirement. I take a lot of steps related to data security, such as dedicating one of my computers to development work only (no general web surfing allowed), keeping and running an updated anti-virus/anti-spyware application, using SSL (https) on data-heavy websites, running security scanning software on the server, transferring files using secure connections, configuring custom access settings on the server, keeping all of my software updated and more. One of the biggest culprits behind data theft isn’t a problem with software or hardware, it’s people doing dumb things.

Periodically, big companies make the news because of customer data being “exposed” due to data security failures. Verizon was the most recent victim of this. Looking at people’s reactions in my social media feeds, it’s obvious a lot of them don’t realize there is are differences between data being “exposed” and data being stolen. Here is a brief explanation of the differences.

Data was “exposed” – This means your data is out wandering the streets without clothes on, well, not exactly. What it means is someone put your information in a location that was not protected by any security protocols, such as encryption or a password-protection. Without any data security protocols in place, you’re data can be easily accessed by anyone.

When your data has been “exposed” someone COULD have accessed it but they probably didn’t. It’s good policy for a company to warn people whenever this happens, even if it doesn’t seem like anyone actually accessed the data, so they can pay attention to bank statements, credit card statements and other financial information to make sure nobody is using their information to do illegal things.

Here in Ohio, someone working for the state once left a laptop full of private resident data on top of a car in downtown Columbus. This is an example of data being “exposed” and it didn’t even involve the Internet. it doesn’t have to involve the Internet because your data is stored in a lot of places both on and offline. Anytime that data is put in a position where someone could easily get their hands on it, it has been “exposed”.

Another example of data being “exposed” would be storing customer credit card information without encryption on an external drive without password protection and leaving that drive on a table at your local coffee shop.

Data was stolen – This means someone purposely gained access to information, either through an Internet connection (hacking) or some other form of theft, and it is very likely they intend to use it for something illegal (get credit cards in your name, file fraudulent tax returns, make purchases on your credit cards, etc.).

When your data has been “stolen” it’s much more serious and you should pay very close attention to your personal financial information. If the theft involves credit card numbers or account information you should change all of that information ASAP.

Whenever government documents are “leaked” what usually happens is an employee or contractor takes documents that they have access to off premises without permission and either gives or sells them to the media.

In Summary:

So, to keep it simple, data exposure is when someone does something dumb accidentally and data theft is when someone does something dumb on purpose. Both situations require your attention but an exposure isn’t as serious as a theft.

If you have questions about this, or anything else involving website security, get in contact with me anytime!

– Tom
Contact Me Here