“It was a Sophisticated Hack”

You may have read the phrase “very sophisticated hack” in a letter sent to you after a company or other data collector was caught with lax security that it only started to patch after the (latest) hack.

Thus, by all outward appearances, most companies seem to be reactive: IF a data breach occurs, THEN the company takes some kind of action. The company then often makes the data breach “sound” like there was absolutely nothing it could have done about it, when of course there was, had it *been* proactive in the first place.

Getting your personal data takes at least two steps:

1. Breaching a company’s server and firewall safeguards — Most of the efforts to keep your data safe are usually here.

2. Accessing and then downloading data — Encryption is needed to protect the data if the server is breached.

You are probably now wondering if companies encrypt (scramble) your most personal data, like health data, on their servers.  We can’t know for sure, but it appears that in most cases, based on all the disclosures from the companies themselves, they don’t.

What we do know is that break-ins and thefts of your personal data are happening at higher and higher rates. Companies are not accountable to us and seem to suffer no penalties for what we, as customers and citizens, must go through to deal with personal data being compromised.

A rare exception is that Target has proposed a settlement from the 2013 hack for up to $10,000 for each customer for damages. In the Target hack, hackers stole information from 40 million credit cards. (This settlement is pending approval at this time.)

The evidence that our data was not secured (encrypted) on a company’s server comes when we’re warned, via an “it was a sophisticated hack” letter from the company to us, that … “hackers have obtained personal information”. If the hackers have obtained information, then it was not encrypted, or the letter would indicate this fact and we could breathe a small sigh of relief. Furthermore, this one letter is usually the last thing we hear from the company since the hackers are rarely, if ever, caught.

It’s interesting that most of us use encryption every day without usually even thinking about it. We encrypt our hard drives, we encrypt our iPhones (standard in iOS 8 with password) or other devices, we encrypt our credit card purchases over the Internet, etc.

Although you might feel secure with the little lock icon on your browser, it is not enough to use HTTPS to secure your Internet traffic during transit if your data is then stored unencrypted on an insecure server. This HTTPS-only expectation is like taking an armored truck (in this example, the secure HTTPS “transit” piece) with cash to a (non-secured) table at a restaurant (in this example, the possibly insecure server where your data lives), leaving the cash there, and hoping it will still be there the next day.
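The difference between protecting data in transit and protecting it on the server, as an added example (not code from this post or from Hurricane): a record is sealed with AES-256-GCM before it is written to storage, so a copied row is unreadable without the key. The key handling, the record ID and the sample record are assumptions constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: in production the key lives in a KMS/HSM or secrets manager,
// never on the same disk or in the same database as the data it protects.
function newDataKey() {
  return nodeCrypto.randomBytes(32); // 256-bit key
}

// Encrypt one record before storing it. recordId is bound as associated
// data, so a ciphertext copied into another row fails authentication.
function sealRecord(key, recordId, record) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(record), 'utf8'),
    cipher.final(),
  ]);
  // Stored layout: 12-byte nonce | 16-byte auth tag | ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt a stored value. Throws if the key is wrong, the record ID does
// not match, or the stored bytes were modified.
function openRecord(key, recordId, stored) {
  const raw = Buffer.from(stored, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(recordId, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// What a party holding only a copy of the data store gets back: null.
function tryOpen(key, recordId, stored) {
  try {
    return openRecord(key, recordId, stored);
  } catch (err) {
    return null;
  }
}

// Constructed sample record and record ID (not real data).
const sampleRecord = { name: 'Pat Example', diagnosis: 'constructed sample value' };
const sampleId = 'patient-1001';
```

HTTPS would still carry the record between browser and server; this layer covers what sits on disk after it arrives.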

————

While no company can promise total protection and security of online data, at Hurricane, our private clouds are encrypted using AES 256-bit encryption. To connect to your cloud data, you must additionally use HTTPS. Thus, your cloud data is strongly encrypted on the server itself and in transit.

Furthermore, we use industry Enterprise Linux with advanced firewall filtering for your additional security and peace of mind.

Please contact us for more information on setting up a private cloud for you with your domain account already hosted by us.
