Large-scale solutions in the areas of privacy legislation, self-regulation, and message encryption.
The Big Picture
Thousands of pages have been written about myriad software options that offer businesses and private users security and privacy when online. Our Insights contributors will continue to update you as new, proven protective options emerge against ever-evolving hacker threats in the coming year.
However, to put these developments in perspective, it’s important to understand the big picture, i.e., large-scale solutions in the areas of privacy legislation, self-regulation, and message encryption.
All levels of government need to devise legislation to help protect Internet users. At the same time, businesses need to transfer the customer information required for the sale of goods and services. The key is preventing unauthorized access to private/proprietary information. Unfortunately, self-regulation hasn’t adequately met this latter requirement. Some private-sector proponents argue that compliance costs are too expensive. Ongoing research shows this is an unfounded concern. For example, in areas without protective legislation, credit card companies have for 20+ years borne the burden of credit card theft without incurring any governmental expenditure.
Many reputable organizations are dedicated to self-regulation via message encryption and other safeguards. They are clearly doing what’s in the best interest of customers, as well as their own long-term ROI. Consider the hit taken by Target and other big-name corporations when they failed to protect their customers’ personal data from hackers. Clearly, what works best is a combination of self-regulation with carefully formulated legislation.
PKI cryptography is one of two frequently used tools for protecting highly vulnerable in-transit data/messages. With this method, if a consumer or business wants to transmit sensitive information to another site or user, algorithms are applied to hide the message content until opened by the receiver with a private/secure key.
Browser encryption is a complementary, critical strategy for keeping critical data private. Vital banking, medical and other information is transmitted via browsers. Currently, the standard for browser/web information encryption is the Secure Sockets Layer (SSL) used primarily in email encryption. The method of encryption uses an electronic key, usually symmetric, that works in both the server and browser while the Internet connection is open. Upon the termination of the session, the encryption is disabled. This means that this encryption security tool is highly dependent on the length of the key and brief browsing time. To help ensure effectiveness, the use of SSL/TLS is recommended to help servers meet the requirements of secure browser encryption.
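Because the protection described above depends on the protocol version and the session key length a server is willing to negotiate, both can be checked before deployment. The following is an added example, not code from the original article: the helper names, the TLS 1.2 floor and the 128-bit key threshold are assumptions chosen for illustration, and the legacy sample is constructed.

```python
import ssl

# Assumed policy thresholds for this example (not stated in the article).
MIN_PROTOCOL = ssl.TLSVersion.TLSv1_2
MIN_KEY_BITS = 128


def audit_settings(min_version, ciphers):
    """Return findings for a protocol floor and a cipher list shaped like
    the output of ssl.SSLContext.get_ciphers()."""
    findings = []
    if min_version < MIN_PROTOCOL:
        findings.append(
            f"protocol floor {min_version.name} is below {MIN_PROTOCOL.name}")
    for cipher in ciphers:
        if cipher["strength_bits"] < MIN_KEY_BITS:
            findings.append(
                f"cipher {cipher['name']} uses a {cipher['strength_bits']}-bit key")
    return findings


def hardened_server_context():
    """Server-side context that refuses old protocols and short keys.
    A real server would also call load_cert_chain() with its certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_PROTOCOL
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit_context(ctx):
    """Audit a live SSLContext with the same rules."""
    return audit_settings(ctx.minimum_version, ctx.get_ciphers())


# Constructed sample of a legacy configuration (not captured from a real server).
LEGACY_SAMPLE = {
    "min_version": ssl.TLSVersion.TLSv1,
    "ciphers": [
        {"name": "DES-CBC-SHA", "strength_bits": 56},
        {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256},
    ],
}

if __name__ == "__main__":
    print("hardened:", audit_context(hardened_server_context()))
    print("legacy:", audit_settings(LEGACY_SAMPLE["min_version"],
                                    LEGACY_SAMPLE["ciphers"]))
```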
Billions of people globally are using the Internet for purposes ranging from shopping, payment of bills and banking to medical records access and research. Websites often require user registration, which involves disclosing demographic information such as gender, age and location, as well as credit card information. This has opened the door to hackers who attempt to obtain and use this information for criminal purposes. This vulnerability demands stringent privacy and security legislation to protect users.
Although government legislation can effectively address this at a given point in time, Internet threats are evolving more rapidly than protective legislation given the increasing pace of digital technology changes. Consequently, self-regulation can be used more effectively than legislation IF evolving threats are carefully monitored and responded to by an organization’s IT security staff. Users are fully justified in expecting this kind of vigilance from organizations.
On the user side, we individually have a responsibility to stay abreast of the latest, most effective private online security tools to do what we can to protect our data. Fortunately, many highly effective ones are free.