Welcome!

Cloud Security Authors: Elizabeth White, Zakia Bouachraoui, Pat Romanski, Yeshim Deniz, Liz McMillan

Related Topics: Cloud Security, Industrial IoT, Microservices Expo, Cognitive Computing , Agile Computing, Apache

Cloud Security: Blog Feed Post

Encrypt My Information, Please

When you provide that information to a company, what do they do with it?

By: Leigh Goldie

For the last few months, security breaches have been on the rise (or let’s just say have been receiving more news coverage). We have seen countless stories of large, popular websites being compromised by unknown, or later identified, hackers. The quest, it seems, is to determine how easy it is to access the personal information of customers from any popular company. The hackers are proud of their accomplishments, as they have gained access to tens of millions of users account information. But it seems they have a message for corporations – encrypt your customers’ personal information. But are companies being proactive?

When you personally work with any company – be it a bank, hospital, university, or social media site – as a customer you are providing them with personal information. This includes credit card numbers, account numbers, social security numbers, birthdates (which are easy to find in other places too), health information, passwords and more.

When you provide that information to a company, what do they do with it? They place it in a database for easy access whenever you need more information, want to purchase something, or have questions about your account. When they create their database, from their point of view, they look at storing information based on ways it will assist their company’s financial success. But now with the recent breaches occurring, it is essential for them to focus more on the importance of encrypting their customers information for their company’s and customers’ protection.

If you’ve never had an account compromised, talk to someone who has (I promise they will be within six degrees of Kevin Bacon). Ask them what happened, what they lost (financially or personally), and how hard it was to fix the breach or their credit scores. Unfortunately, they all have stories. Your goal should be to avoid those occurrences in your life by being proactive.

To do this, I have an idea. I would like to start a grassroots campaign where regular, ordinary people like you and me begin writing large companies demanding that our personal information be encrypted. Who should we write? Name a large company with whom you have been a long time customer. Got it? Now think of one more. It’s easy to come up with at least two companies which you have given personal information. I know I can come up with at least five off the top of my head. But if you need extra ideas, see the list below. It includes banks, credit card companies, insurance companies (auto, medical, health and life), financial companies, stores where you buy big ticket items, social media sites, and more.

Take five minutes to write a letter or simply copy and paste mine below. Sign your name at the bottom and make sure you include your contact information. Then, go to the privacy portion of their website. There you will find their privacy policy for your personal information. Under updating your personal information, or something similar, find their Send a Request to email address. From there, email your letter. Or to make a bolder statement so that there is a tangible copy in hand, use the address provided on that page for snail mail.

Another easy way to getting this point across is through a nonpartisan petition I created. You can find it here. It is written for the United States House of Representatives asking them to create a bill to securely encrypt consumers information within corporate/organizational databases. I plan to submit it to a few representatives from both parties that are either in or near my district in Ohio, or ones that I am betting would support this based on committees in which they have served. Please support this by signing the petition and encouraging your friends and family to do the same.

Cause and effect is a really important point that many companies and people within those companies do not take seriously enough. Help them see the light. Send them a letter telling them that you as a customer demand that your personal information be encrypted and secured before a security breach within their organization occurs. When they begin to hear this from a multitude of customers and constituents, they may just be encouraged to act.

If you would like to let us know to which companies you have sent a letter, or received a reply back from any company that you would like to share, you can reach us at [email protected]. You will find my example letter below along with a list of various large companies that you may be interested in contacting. Look at your monthly bills to add or create ideas of who to contact. I will keep you posted on the outcome of the petition, and thanks in advance for your signatures. Together, I know we can get this done.

To Whom it May Concern:

As a longtime customer of your company, I would like to know how and how well you encrypt my personal information within your company’s database. With the recent multitude of security breaches taking place, I believe it is essential to keep my personal information, including social security numbers, passwords, medical and insurance information, credit card information and contact information secure within your organization. Please let me know if the information is encrypted and what measures your company takes to ensure that my personal information is secure.

I am requesting a personal response and look forward to hearing from you soon. My contact information is listed below. Thank you for your time and attention.

Sincerely,

Your Name
Your Address
Your City, State Zip Code
Your Phone
Your email address

 

Here are links and other contact options to largely used websites that you may want to target if you are a customer or user:

Amazon Privacy Policy
Contact Amazon: If you do not have an Amazon account, click on the “Skip sign in” Link.

AT&T Privacy Policy
Contact AT&T: Email them at [email protected] or write to them at AT&T Privacy Policy, 1120 20th Street N.W., 10th Floor, Washington DC 20036.

Bank of America Privacy Policy
Contact Bank of America or Click on the feedback link at the bottom of this page

Chase Online Consumer Practices – note, even if you have a Chase account, it is the same as Bank of America.
Contact Chase: You will find a variety of contact information here.

Discover Card Privacy Policy
Contact Discover: 1-877-256-2632 or log into your account to email them. Address: Customer Service – General Inquiries, Discover Financial Services, P.O. Box 30943, Salt Lake City, UT 84130-0943.

Facebook Data Use Policy
Contact Facebook: Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025 or

LinkedIn Privacy Policy
Contact LinkedIn: You will need to be logged into your LinkedIn account.

Morgan Stanley
Contact Morgan Stanley: US Privacy and Data Protection Counsel, Legal and Compliance Division, Morgan Stanley & Co. LLC, 1221 Avenue of the Americas, 35th Floor, New York, New York 10020

Sprint Privacy Policy
Contact Sprint: Office of Privacy – Legal Department, Sprint Nextel, P.O Box 4600, Reston, VA 20195. It says they will respond to requests within 30 days.

Verizon Privacy Policy
Contact Verizon: Privacy Office at [email protected] or write to Verizon Privacy Office, 1320 North Courthouse Road, 9th Floor, Arlington, VA 22201. Fax: 703-351-3669.

Yahoo Privacy Policy
Help for Yahoo! Account
Write to Yahoo! Inc., Customer Care – Privacy Policy Issues, 701 First Avenue, Sunnyvale, CA 94089. You can also call them at 408-349-5070.

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.

IoT & Smart Cities Stories
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...