10 tips for entrepreneurs on how to protect users' private information

Read In

Data Privacy Day

Whether you own an e-commerce site, a content platform, or any other kind of websites, you find yourself today asking for an increasing amount of information from your users. The more you know about your users and their behavior, the better you can customize your services or products to fit their needs, thus growing your traffic and conversion rates.

But are you making sure to protect the data with which they entrust you in return for your services?

Possessing this much private information puts you as an entrepreneur – and your business – on the line, as stealing and exposing personal information incidents are increasing, since new technologies are making it an easier task. 

Data hacking was a global issue last year, with human rights groups calling for companies like Google to stop handing over user data to governments, particularly during the United Nations’ 8th Internet Governance Forum 2013 (IGF) held in Indonesia.

According to Privacy Rights Clearinghouse’s Chronology of Data Breaches, more than a half a billion cases of breached sensitive records have occurred since 2005. Further, nearly four-fifths of small businesses whose users’ data has been stolen go bankrupt or face prodigious financial losses within 24 months of the breach.

In an attempt to help users protect themselves online, explaining how personal data can be easily tracked and breached while users are trapped with so little to do about it, journalist John Naughton, used an interesting but alarming comparison last September in The Guardian, saying: “Imagine a gigantic, global web in which are trapped upwards of two billion flies. Most of those unfortunate creatures don't know – yet – that they are trapped. After all, they wandered cheerfully, willingly, into the web. Some of them even imagine that they could escape if they wanted to. We are those insects.”

Having our personal data exposed in a vulnerable way online his bad news. But there are several simple yet efficient ways to protect your users’ data from falling into the wrong hands.

On January 28thData Privacy Day – the US, Canada, and Europe commemorate the 1981 signing of convention 108, an international treaty dealing with privacy and data protection. On this occasion, we compiled ten tips for entrepreneurs to adhere to, in order to protect users’ private information:

  1. Limit the data. Ask only for the amount of data that is necessary for your services. The more data you own the riskier it gets for the user – and your business.

     
  2. Keep it to yourself. Be careful what data you allow the public to see, especially when your service offers interactions between users like following or chatting. It is best that your application implements features that prevents it from exposing personal information (e-mail addresses, phone numbers, photos, relationship statuses, and real names).

     
  3. Track and isolate it. Make sure you keep records on where the data is stored and that it is stored offline, as wireless networks are very easy to hack into.

     
  4. Encrypt it. When exchanging data between two or more data sources (from client to server), make sure the data is encrypted in transit i.e. APIs and databases. It is important in this case also to buy an https certificate for further protection, especially for online stores.

     
  5. Protect the passwords. Never store passwords in plain text. Always hash them; encrypting is not enough. And make sure your own passwords are strong and protected as well. The difference between hashing and encryption is: a) hashing is a one-way, irreversible process which makes it impossible to get the real text out of it. For example: ‘myPassword’ would look something like '$2y$10$bq.VwaCeFqi6oaFEJ2iBkOpXqzSE6FuTpbqGUealxTCysOakK1WxK’. While b) encrypting is a reversible process where text is enclosed in a ‘digital envelope’ protected by a secret. Think of it as a safe for which only you (your application) have the key.
     
  6. Destroy it when you are done. As an example, the ‘password reset’ tokens that you send out to your clients by email that allow holders to change their password. This also applies to offline practices, as all papers and documents should be properly shredded before thrown away, to avoid any theft of information on hard copy.

     
  7. Update your anti-virus software regularly. Most breaches come in the form of a virus attack. You want to avoid a security breach like Snapchat’s, which was hacked two times in the past few months, exposing usernames and phone numbers of more than 4.5 million accounts.

     
  8. Apply best practices in web security. Protecting different vulnerabilities, like the possibility for SQL injection and XSS attacks, which protects all data website information from being hacked or stolen.
     
  9. Implement privacy regulations. Make sure all your employees understand the importance of keeping clients’ information private. Don’t allow internal gossip unless it is relevant for the business.
     
  10. Inform your users. Most importantly keep your clients apprised of how you are going to be using their data, who will be able to see it, and when.

Read In

Media categories

Share

Related Articles