In an Ever More Remote World, It Pays to Protect Your Data
We've all been too busy coping with being cooped up and dodging a deadly pandemic to concern ourselves with mundane things like password security. But the threat is bigger today.
We've been home for more than a year now and
things are finally starting to look up, which is great news. Some of us gained
new skills, some of us grew new appendages, some of us thought about all the
things we were gonna do and didn't. And many of us dodged a different and very
scary bullet that we probably didn't give five minutes of thought to the entire
year: Being hacked and having our identities stolen.
Amazingly, even though tens of millions of us
worked from home and shared our devices (willingly or otherwise) with wives,
kids, relatives, friends, neighbors, co-gamers and visitors, we didn't have the
enormous wave of password and identity theft, ransomware, and related frauds
that had been anticipated. Some 80% of data breaches are due to poor password security
- we reuse the same, easy-to-guess password on multiple websites, and we rarely
if ever change the passwords.
As the saying goes, the world's divided into
folks who have been hacked and folks who don't know that they've been hacked.
Current estimates are that more than 20 billion stolen logon credentials are
presently floating around and being bought and sold on the Dark Web by
cybercriminals.
Whatever your current status - confusion,
indifference, ignorance or avoidance - now is exactly the right time to protect
your passwords. Being forewarned is a great way to be forearmed and insulated
from risks like these, but only if you heed the warnings. Get some password
protection - get it organized and installed on all your devices (and those of
your family members) - and do it now because it's no longer a question of if
you'll be hit, it's just a question of when and how hard.
This isn't Chicken Little stuff - the Russians just pulled off a
remarkable hack of FireEye, a supposedly top cyber security firm, to breach the
Treasury Department and God knows what else. Just ask anyone who's been a
victim about the time, pain, cost and grief associated with having your devices
compromised, your passwords stolen, and your credit and identity ripped
off. And remember that the most likely people to leave the doors open for
the bad guys are you and those closest to you - your own family and your
employees. It's not because they're bad people obviously, it's just that these
kinds of things aren't top of mind for them or even in their heads. So, it's
all on you.
And a word to the wise: be careful which data
protection program you pick because you will be investing some amount of your
scarce time in the set-up as well as entrusting your very sensitive information
to a third party. Make sure your pick will be here for the long run with the
team, talents, resources and tools to keep up with the continual threats and
new technologies and provide the necessary support and infrastructure to grow
with the market as well. You want a company that's a keeper.
More technology-based, early-stage businesses
with a real product or service fail because they can't manage their growth than
starve for lack of business and opportunities. You want a privacy and
protection "partner" who's been around 5 or 10 years, has a
demonstrated record of success with both consumers and enterprise customers, is
highly rated in the app stores (where people put their money where their mouth
is), and has grown steadily and consistently and reached a million or more
current users.
Online reviews can be somewhat helpful guides
especially in a world where there are constantly new entrants of uncertain and
largely unknown backgrounds. Many of these aspiring players have unclear chops
and modest financial resources and won't be here in a year or two. But I've
been consistently under-impressed with most of the mainstream computer press
articles which try to rank the major vendors. The rating sites like TrustPilot and G2 Crowd are a much better bet.
I don't want to fall into the same advice trap
although I believe that there's a clear winner in this particular race. What's
more useful is to give you a short checklist - in addition to the concerns and
issues I have mentioned above - to compare the various providers so that you
can make a careful and informed choice. You won't find me talking about cost
because (a) the costs are trivial and (b) just avoiding the financial risks to
you, your family and your business is worth many multiples of whatever you end
up paying. This isn't something that you try to do on the cheap. Decide who's
the best and best-suited for your needs and go from there.
Here's my short list of critical criteria.
(1) At least a million paid annual
users. Trial is easy - forget it. Subscriptions are hard, sticky, and mean
something serious.
(2) Strong, positive user ratings,
especially across all the app stores and, of course, the
offering needs to be multi-platform.
(3) A solid balance sheet and firm
financial backers. Startups come and go - you want to trust your security to a solid,
well-funded organization that will be here for the long run. One that plans and
advances development over decades. Think Google, not GameStop.
(4) A technical solution based on
Zero Knowledge (end-to-end encryption) so that no one - inside or outside the
organization - knows anything about the data and information stored on their
servers. Startups turn over - tech company employees are notorious for job
hopping - and all it takes is one depressed or disgruntled employee to put your
data at risk unless the provider is committed to, and consistently enforces,
this type of vault security.
(5) A demonstrated commitment to
innovation, iteration and continuous improvement without which the world and
the emergent technologies will quickly obsolete their products and programs.
(6) And finally, independent,
third-party security vetting and certifications (NCC Group, ISO, etc.) coupled
with systematic public disclosure protocols for vulnerabilities and an ongoing
program to encourage and reward bug discoveries.
Bottom line: you've been warned. The smart
money always bets on prevention rather than cure. You don't want to be the next
poster boy or girl for "too little, too late".
MAR 30, 2021