Data Breaches: Why You Should Read the Terms and Conditions
If you are a frequent reader of our Jungle Disk blog, you may have read my posts on digital marketing. I’ve really enjoyed sharing my experience with you, and I hope you’ve gotten some value from them. Today, I am going to take a break from digital marketing and share some thoughts about hacking. Or maybe I should say, being hacked.
It seems as though every day there is another news story about a company or organization that was hacked. Often when this happens, the organization loses data. Often when the organization loses data, it’s data about us. If you’re reading this in the U.S., the most recent, relevant example is Equifax. The Equifax breach compromised sensitive data (names, Social Security numbers, birthdates, addresses and in some instances, driver’s license numbers) on 143 million Americans. In terms of compromised accounts, it wasn’t the largest, but in terms of the sensitivity of personal data, it was one of the worst. If you weren’t paying attention to reports on data breaches before, you probably are now. If you want to read what Equifax has to say about the breach, you can do so on a special website they set up to publish details of the incident as well as a link to enroll in an identity theft protection and credit file monitoring service. I am not going to include a link to the service because my intention is not to advocate one way or another on whether or not you should sign up. Generally speaking, in today’s state of cybersecurity, it’s probably a prudent thing to do and I do personally have that service that I’ve paid for through another provider.
What I do want to advocate for is to us to pay attention to our data and digital footprint. It is becoming increasingly complex to be a digital citizen and it’s just going to get more so as technology becomes more and more present in our lives. We have to pay closer attention to what we’re doing online.
By now, most of us know about the basic things we should implement: anti-virus software, strong passwords (better yet: passphrases); two-factor authentication; secured wi-fi; use caution when using public wifi (or better yet, don’t use it at all); use caution when clicking on links in email; use caution when called from unknown numbers (don’t give any information to an unknown caller). That’s all basic stuff we should all being already paying attention to.
So what else can you/should you be doing? Read the terms and conditions. You know what I am talking about. We never read them. I never read them. Who has time for that? And even if I had time or interest to read the Ts & Cs, what would I do if I don’t want to agree to them? Not subscribe to the service? In thinking about this topic, I ran across an article in The Guardian on how a writer spent a week reading the Terms and Conditions of the services he was subscribed to. It was an interesting read and I know I am going to pay better attention when I sign up for services. Especially on mobile apps that are after my data. Do I really need to be entertained at the expense of serving up data about me? Imagine if you signed up for an app that asked you to agree to giving them access to:
- Your phone and email contacts
- Call logs
- Internet data
- Calendar data
- Data about the device’s location
- The device’s unique IDs
- Information about how you use the app itself
Yes, you could be giving app vendors access to that information. I think that was the most startling revelation in researching this topic. How much we give without thinking too much about it. The reality turns out to be that we’re giving away almost as much as hackers are stealing.
If you want to do more reading on recent breaches, The Hacker News publishes really informative pieces: