Welcome!

Cloud Security Authors: Elizabeth White, Zakia Bouachraoui, Pat Romanski, Liz McMillan, Yeshim Deniz

Related Topics: Cloud Security, Industrial IoT, Microservices Expo, Cognitive Computing , Agile Computing, Apache

Cloud Security: Blog Feed Post

Encrypt My Information, Please

When you provide that information to a company, what do they do with it?

By: Leigh Goldie

For the last few months, security breaches have been on the rise (or let’s just say have been receiving more news coverage). We have seen countless stories of large, popular websites being compromised by unknown, or later identified, hackers. The quest, it seems, is to determine how easy it is to access the personal information of customers from any popular company. The hackers are proud of their accomplishments, as they have gained access to tens of millions of users account information. But it seems they have a message for corporations – encrypt your customers’ personal information. But are companies being proactive?

When you personally work with any company – be it a bank, hospital, university, or social media site – as a customer you are providing them with personal information. This includes credit card numbers, account numbers, social security numbers, birthdates (which are easy to find in other places too), health information, passwords and more.

When you provide that information to a company, what do they do with it? They place it in a database for easy access whenever you need more information, want to purchase something, or have questions about your account. When they create their database, from their point of view, they look at storing information based on ways it will assist their company’s financial success. But now with the recent breaches occurring, it is essential for them to focus more on the importance of encrypting their customers information for their company’s and customers’ protection.

If you’ve never had an account compromised, talk to someone who has (I promise they will be within six degrees of Kevin Bacon). Ask them what happened, what they lost (financially or personally), and how hard it was to fix the breach or their credit scores. Unfortunately, they all have stories. Your goal should be to avoid those occurrences in your life by being proactive.

To do this, I have an idea. I would like to start a grassroots campaign where regular, ordinary people like you and me begin writing large companies demanding that our personal information be encrypted. Who should we write? Name a large company with whom you have been a long time customer. Got it? Now think of one more. It’s easy to come up with at least two companies which you have given personal information. I know I can come up with at least five off the top of my head. But if you need extra ideas, see the list below. It includes banks, credit card companies, insurance companies (auto, medical, health and life), financial companies, stores where you buy big ticket items, social media sites, and more.

Take five minutes to write a letter or simply copy and paste mine below. Sign your name at the bottom and make sure you include your contact information. Then, go to the privacy portion of their website. There you will find their privacy policy for your personal information. Under updating your personal information, or something similar, find their Send a Request to email address. From there, email your letter. Or to make a bolder statement so that there is a tangible copy in hand, use the address provided on that page for snail mail.

Another easy way to getting this point across is through a nonpartisan petition I created. You can find it here. It is written for the United States House of Representatives asking them to create a bill to securely encrypt consumers information within corporate/organizational databases. I plan to submit it to a few representatives from both parties that are either in or near my district in Ohio, or ones that I am betting would support this based on committees in which they have served. Please support this by signing the petition and encouraging your friends and family to do the same.

Cause and effect is a really important point that many companies and people within those companies do not take seriously enough. Help them see the light. Send them a letter telling them that you as a customer demand that your personal information be encrypted and secured before a security breach within their organization occurs. When they begin to hear this from a multitude of customers and constituents, they may just be encouraged to act.

If you would like to let us know to which companies you have sent a letter, or received a reply back from any company that you would like to share, you can reach us at [email protected]. You will find my example letter below along with a list of various large companies that you may be interested in contacting. Look at your monthly bills to add or create ideas of who to contact. I will keep you posted on the outcome of the petition, and thanks in advance for your signatures. Together, I know we can get this done.

To Whom it May Concern:

As a longtime customer of your company, I would like to know how and how well you encrypt my personal information within your company’s database. With the recent multitude of security breaches taking place, I believe it is essential to keep my personal information, including social security numbers, passwords, medical and insurance information, credit card information and contact information secure within your organization. Please let me know if the information is encrypted and what measures your company takes to ensure that my personal information is secure.

I am requesting a personal response and look forward to hearing from you soon. My contact information is listed below. Thank you for your time and attention.

Sincerely,

Your Name
Your Address
Your City, State Zip Code
Your Phone
Your email address

 

Here are links and other contact options to largely used websites that you may want to target if you are a customer or user:

Amazon Privacy Policy
Contact Amazon: If you do not have an Amazon account, click on the “Skip sign in” Link.

AT&T Privacy Policy
Contact AT&T: Email them at [email protected] or write to them at AT&T Privacy Policy, 1120 20th Street N.W., 10th Floor, Washington DC 20036.

Bank of America Privacy Policy
Contact Bank of America or Click on the feedback link at the bottom of this page

Chase Online Consumer Practices – note, even if you have a Chase account, it is the same as Bank of America.
Contact Chase: You will find a variety of contact information here.

Discover Card Privacy Policy
Contact Discover: 1-877-256-2632 or log into your account to email them. Address: Customer Service – General Inquiries, Discover Financial Services, P.O. Box 30943, Salt Lake City, UT 84130-0943.

Facebook Data Use Policy
Contact Facebook: Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025 or

LinkedIn Privacy Policy
Contact LinkedIn: You will need to be logged into your LinkedIn account.

Morgan Stanley
Contact Morgan Stanley: US Privacy and Data Protection Counsel, Legal and Compliance Division, Morgan Stanley & Co. LLC, 1221 Avenue of the Americas, 35th Floor, New York, New York 10020

Sprint Privacy Policy
Contact Sprint: Office of Privacy – Legal Department, Sprint Nextel, P.O Box 4600, Reston, VA 20195. It says they will respond to requests within 30 days.

Verizon Privacy Policy
Contact Verizon: Privacy Office at [email protected] or write to Verizon Privacy Office, 1320 North Courthouse Road, 9th Floor, Arlington, VA 22201. Fax: 703-351-3669.

Yahoo Privacy Policy
Help for Yahoo! Account
Write to Yahoo! Inc., Customer Care – Privacy Policy Issues, 701 First Avenue, Sunnyvale, CA 94089. You can also call them at 408-349-5070.

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.

IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.