How safe is your data from theft?Data breaches are on the rise. Well, that’s what we are being led to believe by the same mainstream media that want us to think that sharks are rising up against humanity, too.

I don’t believe that data breaches or shark attacks are increasing in frequency. What *is* increasing is our awareness of these events. Shark attacks are a bit easier to spot; person goes swimming, shark bites person, bystander calls television station, local police watching television then dispatch an ambulance to the scene, and the ambulance draws more attention and creates a bigger scene.

Data breaches aren’t as easy to notice for a bystander. They happen unnoticed for the most part. The only reason we do hear of them is that companies fear the backlash for a breach NOT being reported (as well as some laws requiring such breaches to be reported). Otherwise I bet we wouldn’t hear a thing about them (just like the Amity Mayor in “Jaws” didn’t want to scare the beachgoers during a holiday weekend.)

So we rely on persons inside the company to alert their bosses. The bosses alert their security team, who alerts the legal team, who then work with the PR team to craft a message to be delivered via some television network, and then everyone watching television knows that their financial details are at risk because they shopped at a Target during Christmas.

It Can Never Happen To Me

Let’s talk odds.

Currently there is a 1-in-11.5 million chance you will be bitten by a shark, and a 1-in-264 million chance you will die from a shark bite. Hopefully you will feel safer at the beach this year knowing the odds are in your favor to stay in one piece.

Unless you use a credit or debit card to buy some Del’s lemonade at the Snack Shack, that is. Then you may find your life isn’t as together as you might hope.

While you may not be likely to suffer a disfiguring bite from a predatory shark this summer, your odds of suffering a financial loss due to data theft is currently 7% or about 1-in-14.

Think about that number for a minute. Every 14 times you use a credit or debit card, you have a good chance of your data being stolen. That’s a remarkable number. And yes, the number of data transactions (financial, medical, etc.) on any given day is far more than the number of beachgoers in a given year. Let’s just focus on that 7% for a minute.

If reports of shark bites were at the same rate of data theft than on any given Saturday afternoon at the beach this Summer with 10,000 of your closest friends, 700 of them would suffer a shark bite…and about 30 of them would die.

I’d like to think that if shark attacks were happening at that rate then we would take steps to do something to avoid them. So why not do something with regards to data theft?

Can’t Win, Don’t Bother Trying

The only way to truly protect yourself from data theft is to live in a cave on a deserted island devoid of all human contact. Since that isn’t an option for many of us I believe we have just come to accept the risk associated with data theft.

Let’s get a few facts out of the way right now.

  1. Your data is not safe once it leaves your possession. You don’t control it anymore. You can’t trust what others will do with your data.
  2. Your data is not necessarily safe while in your possession. Think social engineering, or just leaving your workstation unlocked while you get coffee, or talking loudly about your work projects during dinner in a restaurant.

Nothing on the internet is safe. Blog posts, images…all ripe for theft. If you post or publish just know that someone is going to take from you at some point.

Likewise, every time you are asked to share information about yourself on a website you should just assume it will be used by someone, in some manner, whether you want them to or not. You are likely to find yourself added to email and cold calling lists. Any piece of data about you is out there for others to use.

Also, companies that pledge to guard your information often don’t (but they DO protect the businesses identity, so there’s that I guess). More than once I have caught companies sharing my information despite their pledge to never do so. And then I find that unsubscribing from spam results in more spam. Right now I have an email alias that gets nothing but spam from France and I have never once used that email address for anything. So, where did they get my email address from?

Resistance Is (Mostly) Futile

It is true that resistance is futile here. However, you don’t have to make it easy for the bad guys to get your data.

Here’s a few things you can do:

  1. Shred any documents that has personal information. Things like unsolicited credit card applications you get in the mail.
  2. Do not share your location every minute of the day. Be aware about the geotagging of photos, too.
  3. Question everything. No, Best Buy doesn’t need your phone number for every transaction.
  4. Don’t use public computers for financial transactions.
  5. Don’t talk loudly about work projects that are likely bound by a non-compete clause (or an NDA) with your employer.
  6. Just say no: don’t give away common things like Social Security numbers, credit card info, date of birth, etc. If it seems odd, don’t give it, and move on.

Making it even just a tiny bit harder for a thief can be all it takes for them to look elsewhere.

Let’s face it, your data isn’t safe from theft, ever. You share, you run a risk of losing. This fact shouldn’t be new to anyone. Even Benjamin Franklin knew about the futility of trying to keep secrets:

Three people can keep a secret if two of them are dead.” – Benjamin Franklin

If you want to avoid data theft, then don’t share your data with anyone. It’s as easy as avoiding shark attacks by not going to the beach (don’t get me started on Sharknado).

UPDATED: I meant to include links to two books written by Denny Cherry (blog | @mrdenny) regarding security. The first book from Denny is Securing SQL Server: Protecting Your Database from Attackers. The second is The Basics of Digital Privacy: Simple Tools to Protect Your Personal Information and Your Identity Online. Full disclaimer here: I served as the technical editor for both of those books, so of course I would want to pimp them in a blog post regarding data theft. No, reading those books won’t protect your data from theft, but they will give you the opportunity to make things more difficult. Most thieves don’t like difficult, they prefer the easy targets. Don’t be an easy target, go read those books.