Are your customers doing enough to help you protect their privacy?

Privacy isn’t only up to the CSO; users need to help by improving visibility and protection of their endpoints

Australian consumers may be protective of their private data but most still don’t understand their role in ensuring privacy by protecting their connected devices, according to new research that suggests many consumers are struggling to grasp the full extent of their security exposure.

Fully 90 percent of respondents to a recent McAfee survey said they are concerned about protection of their personally identifiable information (PII), but 83 percent admit that they don’t see protecting their connected devices – a critical part of protecting personal data – as a top priority.

With connected personal home assistants, TVs, security cameras and other devices compounding the existing exposure of smartphones and tablets, many consumers are weighing “how much personal data they should be allowing companies access to and what kind of data ‘trade-offs’ they would be willing to make in order to gain access to the online services they need,” McAfee APAC chief technology officer Ian Yip said in a statement.

“With a lack of awareness on how to protect connected devices, there is a disconnect between the privacy level Australians want, and the steps they actually need to take to stay safe. Most consumers don’t realise that protecting their privacy and the security level of their connected devices are tied together. You can’t have one without the other.”

Only around half of respondents were proactively managing security of their home devices, with 59 percent saying they limit whom they allow to access their home network, 49 percent applying patches and updates to app or device software when prompted, and 58 percent saying they have changed the default password on new devices.

Only 35 percent of respondents said they know how to properly check if their connected home applications are secured – potentially exposing them to abuse by the Mirai Internet of Things (IoT) malware and its brethren.

Teaching end-users to get better

The figures – which come as the Office of the Australian Information Commissioner (OAIC) joins similar bodies worldwide to commemorate Privacy Awareness Week (PAW) 2018 – serve as a reminder for home consumers to spend time familiarising themselves with good device-security practice.

Given the free movement of devices between work and home environments, such controls are also important in protecting enterprise networks from potential data breaches and malware incursions.

This will be particularly important as increasingly digitised businesses and governments build services – for example, the GovPass digital identity program announced this week to move tax file number applications online – that leverage users’ endpoint devices for interactivity:

Consumers around the world have been rapidly adjusting their expectations around privacy in the wake of high-profile mass data breaches that have leaked billions of records online and sharply diminished consumer tolerance for companies that compromise their data.

Cloud and mobile-security firm Bitglass offers five key recommendations to help maintain data privacy as data is increasingly spread across enterprise, cloud, and employee endpoints with varying degrees of privacy.

These include addressing cloud data visibility – critical to understand the company’s true exposure to cloud services – as well as using layered authorisation to bolster standard password-based defences, which are open to exploitation using password-stuffing techniques because simplicity-minded employees often reuse passwords on business and personal accounts, or choose simple passwords that are easier to remember.

Businesses should also focus on developing a unified data access policy that maps security controls to cloud application capabilities, Bitglass advises, as well as adopting security layers to bolster personal devices, and utilising security automation where possible.

“When ever-increasing sophistication meets ubiquitous access, the risk of misconfiguration is almost inevitable,” Bitglass ANZJ head of solutions engineering Wayne Phillips said. “IT leaders understand the implications of data breaches and must adopt advanced cloud security solutions to protect data and maintain user privacy.”