Category

Data Privacy

Cyber Liability Insurance: Part of a comprehensive security plan

By | Data Privacy, Information Security, Risk and Liability | No Comments

It seems like every day there is a new story about a data breach and how millions of sensitive user records have been exposed.  The financial and healthcare industries are two of the biggest targets with some of the most sensitive data about people’s daily lives.  Theft and exposure of this data can open up these institutions to huge financial losses in the form of lawsuits and lost business.  Companies need ways to prevent and mitigate these potential losses.  Well-designed security protocols and software can prevent many of the data breaches that happen daily.  There will always be some risk of a breach but the use of best practices and strong security software reduces the number of attack vectors and thus significantly diminishes the risk.

Knowing that there always remains the risk of a breach, the question every company should be asking is: Should Your Business Get Cyber Liability Insurance?  As the CEO of LowCards.com (a free consumer resource website covering the credit card industry) points out, “many businesses are now turning to cyber liability insurance to minimize their risk of loss.”  Bill Hardekopf provides a great 101 on Cyber Liability Insurance and why you should consider it.  An important takeaway from the article is that “The insurance provider will evaluate policies, software and hardware to check for potential areas of weakness.”  The provider may even set a minimum standard for obtaining insurance or charge higher premiums for companies with weaker practices and software. Even if the standards aren’t there today, they will be emerging, and they will begin to affect rates and overall liability of a data compromise or a breach.

A good analogy to cyber liability insurance is property insurance, something every business should have.  Basic safety measures like fire extinguishers and smoke detectors are often minimum standards for even obtaining property insurance.  More advanced features like a security alarm system result in discounts on the premium paid for insurance.  In the same way with cyber liability insurance, installing anti-virus software or an advanced counter-exploitation platform could be considered a minimum standard or result in reduced premiums.

Given the importance of preventing a data breach, most companies already implement countermeasures.  However, given the likelihood a business will be the target of a successful data breach, companies should also consider adding cyber liability insurance.   Having a comprehensive plan for prevention and mitigation will help a company weather any storm that confronts it.

 


 

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online for people and organizations. Our software and hardware products are creating a future with privacy-as-a-service, delivering proactive internet protection from the moment of access to countering exploitation of digital behavior and activity. Simply: we prevent data from being compromised, establish trust between users and protect our customers’ work online.

Contact us to see how we can work together.

Is your VPN doing everything it promises to protect your privacy?

By | Data Privacy | No Comments

Commercial VPN services have recently gained widespread popularity and many present themselves as a solution for online privacy.  Some of them even claim to enable anonymous internet browsing. However, as pointed out in a recent Forbes article, Too Many VPNs Put Our Privacy And Security At Risk, the current VPN market is more of a minefield than a utopia.   Numerous VPN services have been found to have significant security flaws, and some have been found to be downright malicious – they could potentially be exploiting your data rather than protecting it. While this is concerning on its own, it also highlights a need to better understand how a VPN fits in with a holistic approach to internet privacy.

Commercial VPNs create an encrypted “tunnel” for your web traffic between two points, your computer and your VPN provider.  If properly configured, anyone eavesdropping on that connection would only see that you were connected to a VPN; they wouldn’t be able to see your requests to individual websites.  This is valuable protection, especially if you are concerned about the trustworthiness of a Wi-Fi hotspot or ISP.   But because that tunnel sends all your traffic through the VPN provider, it’s of utmost importance that you use a trustworthy provider with a business model that aligns with your best interests.

However, even the best VPN is only a tool that can protect part of your digital footprint across the internet.  Potential privacy compromises are still possible at points before or after the VPN.

While it is often claimed that VPNs enable ‘anonymous’ surfing by obscuring your IP address, this is only successful in defeating the most rudimentary of tracking attempts.  Routine browsing activity generates a huge amount of metadata that can be used to uniquely identify and track users without relying on an IP address.  Techniques like browser fingerprinting, network traffic analysis, and even browser cookies can leverage this metadata to track users’ activity through a VPN.
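An added illustration, not part of the original post: the sketch below shows why hiding the IP address does not unlink visits when the other observable attributes stay the same, and how many bits of identifying information a single attribute carries. The visit records, field names and addresses (documentation ranges) are all constructed for this example.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Attributes a site can observe on every visit; the IP address is deliberately excluded.
FP_FIELDS = ("user_agent", "accept_language", "timezone", "screen", "fonts")

def visit(ip, *attrs):
    """Build one constructed visit record."""
    return {"ip": ip, **dict(zip(FP_FIELDS, attrs))}

# Constructed sample data. The first two rows are the same browser, once from a
# home connection and once through a VPN exit node.
VISITS = [
    visit("198.51.100.7", "Firefox/115 Linux", "en-US,de;q=0.7", "Europe/Berlin", "2560x1440", "DejaVu,Fira Code"),
    visit("203.0.113.50", "Firefox/115 Linux", "en-US,de;q=0.7", "Europe/Berlin", "2560x1440", "DejaVu,Fira Code"),
    visit("192.0.2.10", "Chrome/120 Windows", "en-US", "America/New_York", "1920x1080", "Arial,Calibri"),
    visit("192.0.2.11", "Chrome/120 Windows", "en-US", "America/Chicago", "1920x1080", "Arial,Calibri"),
]

def fingerprint(v):
    """Hash the IP-independent attributes into a short, stable identifier."""
    canonical = "\x1f".join(v[f] for f in FP_FIELDS)
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]

def link_by_fingerprint(visits):
    """Return {fingerprint: set of IPs} for fingerprints seen from more than one IP."""
    groups = defaultdict(set)
    for v in visits:
        groups[fingerprint(v)].add(v["ip"])
    return {fp: ips for fp, ips in groups.items() if len(ips) > 1}

def surprisal_bits(visits, field):
    """Identifying information (in bits) carried by each observed value of one field."""
    counts = Counter(v[field] for v in visits)
    return {value: -math.log2(n / len(visits)) for value, n in counts.items()}

if __name__ == "__main__":
    for fp, ips in link_by_fingerprint(VISITS).items():
        print(f"fingerprint {fp} seen from {sorted(ips)}")
    print(surprisal_bits(VISITS, "timezone"))
```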

A holistic approach to privacy also goes beyond protecting users’ browsing activity; it also includes the privacy and security of data already on your systems.  Any computer browsing the open internet, whether behind a VPN or not, is a potential vector for data compromise through malware, phishing, targeted attacks, or unintentional disclosure. A VPN can be a valuable tool for protecting your privacy, but it is far from a comprehensive solution.

 


 


The Socially Conscious Network

By | Data Privacy | No Comments

“Ginny!” said Mr. Weasley, flabbergasted. “Haven’t I taught you anything? What have I always told you? Never trust anything that can think for itself if you can’t see where it keeps its brain?”

-Arthur Weasley, Harry Potter

Any sufficiently advanced technology is indistinguishable from magic

-Isaac Asimov

Arthur Weasley from Harry Potter, being a wizard and having magic to rely on, didn’t need modern technologies like phones or cars. However, given his job in the Misuse of Muggle Artefacts Office at the Ministry of Magic, he learned how muggles (non-magic folks) created technologies to solve problems that previously had only been solved by magic.

Today’s technologies, like cell phones, work almost like magic. They can provide us with the world’s knowledge in seconds or allow us to talk face to face with anyone in the world. They can get us almost anywhere in the world in less than a day. In a sense, without further investigation, they work like magic. If we think of magic as a basic law or force of nature then there is no intermediary step. It just works like gravity just works. But the reality is far more complicated when we think of something like a car where the basic forces of thermodynamics, friction, and combustion are harnessed to create a vehicle which can travel great distances through simple controls.

We know a car doesn’t think, at least not yet, but cars are getting smarter, and simply pressing on the gas pedal is no longer “driving by wire” where the input clearly leads to an expected output. Modern cars have antilock brakes which modify the pressure applied to slow down a car regardless of how hard the brake is pressed. This is handled by algorithms and calculations being computed by a processor within the car. In effect, a simple brain within the car. Still, such behavior is easy enough to understand. There is still a defined cause and effect. Pressing the brake still slows you down, but now it is done more effectively to reduce the risk of the brakes locking and the tires skidding.

Now, let’s move on from our car metaphor and look at something much more amorphous like a website such as Facebook. I think to many of the billions of users Facebook seems like a much simpler concept than a car. I’m sure some people have more confidence that they could build Facebook before they could ever build a car. Facebook was a simple website to connect people and share information that was originally invented by a college student. Since then, Facebook has grown and evolved into something much, much bigger than one college student could ever have imagined. In a sense, it has taken on a life of its own.

For the average user, you click a few buttons, download an app or go to a website and enter your personal information. From there, you can “privately” share your thoughts and communicate with your “friends”. Almost like magic, you can connect to any of the billions of users who would also like to connect with you.  But Facebook is not magic; It is technology. A far more advanced technology than the basic car that Henry Ford first mass produced. Unlike a physical car where the user had full and exclusive access to see all the internal workings should he or she choose, a user of an information technology like Facebook does not.

Why is this? Because we cannot see where Facebook keeps its brain. With vast processing power sitting on secured, proprietary servers, Facebook is more like a free taxi from a “friend” whom we don’t know very well. Imagine, this friend keeps a video camera in his car and records your every move. He assures you that it is just to serve you better and for your safety but you have to trust him that this is true. Since this is your “friend”, someone you’ve established a trusted relationship with, you agree to these recordings which you are assured are only to better help you. Or maybe he doesn’t even tell you if he is recording. You notice a camera but you trust that if he is recording then he is recording for his own benefit or protection and would never use it for any nefarious purpose.  Extend this scenario to Facebook or Uber and you might see where this is going. They are no longer just recording your every move, they are making decisions to “better serve you”. Your lips look chapped as you dryly swallow?  How about a bottle of water for $1. Thanks! I was parched. This is great that you are keeping such a close eye on me to better meet my needs.

Unlike an attentive, close friend, corporations like Facebook are not your friends.  Your friends are hopefully focused on your well-being. Also, unlike your friends, they will remember every time you ever “poked” someone. A good friend will forgive and forget.   You know your friend. You know her brain is in her head. You trust her. You don’t know Facebook. You don’t know where it keeps its brain or what it thinks or who it shares its brain with. In minutes an analytics company can pay a hefty sum to find out the most intimate details you shared with Facebook. A true friend would never do this and say it was in your best interests.

Sites like Facebook and LinkedIn offer at their core a simple service but benefit greatly from something called the network effect. But why did we ever invite them in to listen to our every conversation? Was it trust, ignorance, or just convenience? There was a user agreement when we signed up, which we probably never read but had to accept to use the service. Just standard legal stuff, right?  Most services clearly state that they have the right to use your data in any way they want. If you’re not worried then you haven’t imagined the possibilities. Remember, if a service is free and the company doesn’t sell anything to you then you are the product and the company is selling you. There is no free lunch in this world unless your bubby takes you to Denny’s for the senior special.

So, it’s hopeless and this is just the cost of doing business, right?  Wrong, there is a solution. A new social contract must be created. A socially conscious terms of service that puts the user’s interests first. One that balances the user’s privacy with the needs for advanced technological services. One that respects our humanity and remembers what is most important. A contract that gives you the same level of trust as that of a friend.  And with that contract the technological know-how to actually back it up.  A contract is step one.  This is a fair and balanced terms of service that protects the user’s interests.  Competence is step two.  We all have friends we trust to keep our secrets but not necessarily to deliver an important letter on time.  You need a company that can protect your data, maintain good records and securely use that information to assist you.  Transparency is step three. You need to see where the brains are kept and how decisions are made. The process should be clear and auditable.

Grey Market Labs is focused on these goals. We realize this social contract is a paradigm shift the world needs now. The technological age does not mean the end of privacy. As lofty as it may sound, democracy depends on privacy, privacy with accountability. We cannot rely on government regulation alone to drive these changes forward.   We also cannot rely on other corporations whose business it is to sell your data.

 


 
