Flash of the obvious: you are responsible for protecting your data

I really feel sorry for the modern consumer. None of us, even those of us with computer science degrees, can really assess the security of our computer systems (at least not with any precision). We can study historical trends and glean lessons on which operating systems are more secure and we can educate ourselves on best practices and optimal configurations, but how can we really know what is secure and what is not?

This has been a problem for as long as consumers have had computers. It was highlighted again when stories of a data eating glitch in Apple’s latest OS surfaced. According to multiple sites (including The Register), when some Apple OS users logged into a guest account and then back to their user account on their system, all their data was deleted. Good security protects data and keeps it available. Good security does not delete the data you want access to!

For the last 40 years (since CompuServe in 1969) there have been clear trends towards consumers keeping more data in the cloud. That trend has been accelerating of late and multiple angles have been studied and dissected here. Security has always been an issue with consumer data in the cloud, but now it is becoming even more critical. Many consumers are hosting large parts of their personal, private and sensitive information in cloud based services. Some are using the cloud for all their finances. In the mobile world we live in many are leveraging cloud services as part of their handheld/cell solution. One of the most famous cases of data loss in this area is the news this week of Microsoft’s destruction of consumer data associated with the T-Mobile sidekick. The cloud can let you down in many other ways. Poorly configured cloud settings can contribute to social engineering hacks against your data, and there is a wide range of other unknowns that consumers face when deciding how much to host in the cloud.

So lets do a quick net assessment: If you keep your data at home, you can choose an operating system which has a high likelihood of being attacked by malicious code which can compromise your data’s confidentiality, or you can chose an operating system that has been found to totally destroy your data, or you can put it in the cloud where it can be destroyed or leaked by someone you don’t know.

What is a consumer to do?

In my opinion, the first thing a consumer should do is to understand who is responsible for protecting data. I’m talking to you here. You are responsible for protecting your data.

If you decide to trust someone else with protecting your data you are taking a risk. So try to understand that risk and mitigate it.

For example, I use several OS’s at home, including the Mac OS. All data from my home computers is automatically backed up into encrypted archives. That reduces risk a bit.

I am also a big cloud user, both for my business and for some personal uses. But still I’m careful about what data goes into the cloud and how it is protected. And a key segment of my data in the cloud is backed up locally. I get cloud benefits and a little more protection.

One thing I don’t do enough is print out important info like my contacts. After the lessons of the last few weeks I’ll be doing that more.

One thing I’ve never done is use the cloud for sensitive financial data. I’m just not ready to accept that risk.

On all OSs in my house I work to keep them patched. And I ensure the anti-virus is up to date. This is not perfect protection (there is no such thing), but it helps reduce risk.

In choosing cloud providers, I think through the company’s approach to security and their reputation in the area. We all have to hold these big companies more accountable. And it is just too risky to do business with companies that don’t respect consumers the way we should be respected.

Those and many other steps flow from an understanding that it is my responsibility to protect my data.

I hope those actions are similar to your approach. Let me know please if you think I should have highlighted something else relevant to consumer data protection.