Are you tired of hearing about yet another significant data breach? As I was reading about the most recent breach of Marriott and how the attackers were probably inside the Marriott system for four years (or longer), I got mad.
You should be mad too.
There’s no reason we should accept a lack of security from organizations (both corporate and government) that have collected our personal information. Many of these breaches were due to either pure negligence or management deciding to not spend the money to upgrade their network security to an acceptable level.
It’s frustrating that we’re still talking about many of the same problems with computer security that have existed for decades, even as the volume of data has exploded.
These attitudes about digital security are no longer acceptable.
It’s time for us to hold these people and organizations accountable. When I say “accountable,” I mean both criminally and civilly.
Instead of the United States continuing to be almost the only developed country without federal protection for personal data, we need to pass new legislation requiring this protection. The law should make the penalties and punishments severe enough to make organizations think seriously about their efforts and the resources they provide for security.
The problem won’t go away unless the probable consequences of failure to protect this data are real and substantial.
Senior executives and boards of directors who were aware of security problems (or should have been) and took no action to protect our data should face the risk of criminal prosecution as well as individual civil liability.
Situations like this have historically been considered to be “white collar” crime and have not been a high priority in our legal system.
This needs to change.
There’s too much fraud and other crimes involving digital technologies.
Yet there still doesn’t seem to be much interest in protecting people’s financial and personal information.
Too many organizations still consider the risk of a data breach a “cost of doing business.”
After the Marriott breach was made public, several people suggested that these breaches will not go away unless someone is prosecuted criminally and goes to prison.
It’s time to change the mindset and to force responsibility and accountability. If we don’t change the approach to security as technology continues to grow exponentially, we’ll see more techno-crimes of all types.
Let’s send a message that we won’t accept this attitude anymore.
In the meantime, what can you do?
The first thing I would recommend is to freeze your credit reports.
I understand that this is not convenient for every person, but think about the convenience compared to the risks of your personal information, financial data, and medical records being stolen in a data breach.
You’ll need to make that decision depending on your individual circumstances, but that’s what I strongly recommend.
For more detailed information about freezing your credit report:
Another aspect of this problem is to check to see if the children in your family have a credit history. For a child under 16, in most cases there is no reason for a credit record to exist. But if a child’s identity has been stolen, the theft might not be discovered for many years. That could make the problem much harder to clean up years later when it comes to light. It can be a bit more difficult to check a child’s credit history, but it can certainly be done.
For more information:
We need more security and digital investigations professionals.
Did you know that some projections say that by 2021 there will be over 3 million cyber security positions that we won’t be able to fill?
This number doesn’t even include digital forensics investigators who will also be needed to investigate the exploding number of techno-crimes.
We’ll need more of these experts to provide better security for our data, and to investigate crimes that will still occur.
Finally, there are too many organizations (both public and government-based) that are collecting an ever-increasing amount of data about every person.
It’s time to hold them all accountable, and to demand that they take action to secure our data…or pay the consequences.
The days of ignoring security and facilitating the theft of our data need to end.
Perhaps the only solution will be when those responsible have an individual or corporate price to pay for their negligence or lack of responsibility.
Enough is enough.