There has been a lot of security news in the past couple of weeks, and The Mac Observer is turning this week into Security Week. We’ve seen data breaches happening left and right lately, and someone should tell Silicon Valley that getting hacked isn’t a competition. Over the next several days we’ll be sharing tips on how to stay safe on the internet.
Quora is the latest company to suffer a data breach. What I find frustrating is how little information Quora is sharing with us. In its blog post the company says it wants to be as transparent as possible, while in the same sentence saying it won’t say what steps it will take to remedy the situation. 100 million user accounts were affected, and it sounds like this is Quora’s entire user base.
As I said in today’s TDO podcast episode, if it was a genuine accident, then you can’t blame Quora. No system is 100% un-hackable. But if there was negligence on their part, like not password-protecting servers, then I believe there should be consequences for that. It seems to me that the only way to properly punish a corporation is to hit them in the wallet. For example, with GDPR companies can be fined up to 4% of their global revenue.
Another recent data breach was Marriott/Starwood. With this breach, 500 million people had their information stolen. This includes names, addresses, credit card numbers, phone numbers, passport numbers, travel locations and arrival and departure dates.
I believe the U.S. needs a bit more regulation in this area. I know many people believe in the free market and we should “vote with our wallets.” But clearly that hasn’t been working. As I quipped in an earlier article, you can’t trust a criminal to turn himself in. We need our own GDPR, which is something that is in the works.
What Can We Do?
First, as I said above, we as customers of these companies need to support policies that will make them accountable. Quora shrugging it off and saying sorry is not acceptable. Equifax executives cashing their stocks out before they announced their data breach was even worse.
Second, there are technological tools you can use to keep your information protected. Using a password manager is essential. The three most popular ones are 1Password, Dashlane, and LastPass. If you use Apple products, then you could opt for the built-in iCloud Keychain.
To protect your credit/debit card information when you shop online, you could use Privacy. Privacy.com lets you link your bank account, then generate unlimited virtual cards to use. You can pause them, lock them to a specific merchant, and even create burner cards that can only be used once.
Speaking of burner, an app called Burner gives you a disposable phone number. If an app or website needs your phone number, give them a burner number instead of your real number. It’s good to use for two-factor authentication codes, if the service only uses SMS-based codes.