This simple idiom is understood by the youngest of school children. It has been around for centuries, so why do our financial institutions, retailers and cloud based service corporations continue to put all of our sensitive data in one basket!?
First things first. This idiom, Don’t Put All Your Eggs In One Basket applies to you, the companies and businesses you interact with and do business with, the stores where you shop as well as the cloud(s) where you store your personal data and photographs and social networks you participate on.
Your data, their data, our shared existence on the Internet is vulnerable. No person, business, corporation, utility or government is immune or impervious to hacking. One thing we should all know by now it that today your financial institution could be hacked and next month your it’s your co-worker or neighbor’s bank or transaction.
It seems simple enough that if Target, Sony, Bank of America and other major businesses sites get hacked, they are not just getting a fraction of user’s data, they are getting all of their user’s data.
Check out Entrepreneur.com’s 8 of the Biggest Data Breaches Ever and How They Happened (Infographic) – it’s all pictures, so no heavy reading is required.
I don’t think the government needs to always step in and tell corporations how to conduct their businesses, but when it comes to protecting customer data, I think we need the government to step in and create some “best practices” for businesses, our data and their corporate and employee data.
Best Practices for Business
- Do not place all your customer data behind one firewall
- Do not place all customer data on one server cluster
- Limit credit card and payment processing from one vendor to a percentage of your business
- Limit the data shared back to third-party creditors, financial institutions, marketing services
- Split customer data into logical or random packets to assure that if data is stolen, it can’t be used in whole or in part by the hackers
If all businesses, corporations and governments implemented just one of the above Best Practices, it would go a long way to protecting our sensitive customer information.
In fact if these, the most simple and most basic of practices isn’t followed, the same insurance companies who have been bailing out these businesses after each credit card breach, each server hack, or just plain old corporate arrogance and stupidity should stop taking policies which are not in good faith being protected to begin with.
What can you and I do as consumers?
We can tell let the businesses we currently do business with, that we take these breaches seriously and expect that they will change the way they conduct business, store our personal and financial data and when breached, they will respond with full disclosure to the public and support the breached users and businesses with safeguards and protections.
We can also do what we can to place our own eggs in more than one basket.
- Diversify your banking to two or more financial institutions
- Use different email aliases for correspondence and online shopping, another for your user login name, etc.
- Use one password for social networks, another for banking and another for work, and so on
- Change one or more of your passwords or email aliases after a busy shopping seasons such as Christmas, or after returning from a vacation
Let’s face it, most people re-use the same username, email and password over and over again. Many do not change this information for years at a time – if ever.
By utilizing the email “Alias” provided by nearly all email hosting services, such as Outlook.com, Exchange, Google, Yahoo!, etc you can have one email Inbox for all your incoming email, but use a give out different email addresses (aliases) to different services and businesses you do business with.
This way if one hacked and your data has been breached, you only need to discontinue using the breached alias and give the new updated alias to a fraction of sites and services.
Four is a good number of aliases people should consider
Red: High security sites such as banking, financial, credit cards, Bill Pay
Orange: Online retailers and Utilities such as Amazon, Target, Best Buy, NewEgg, PG&E, AT&T, Comcast
Yellow: Minimal security for cloud services, non-financial social networks, like Facebook and Twitter, or political campaigns, charities…. Yellow should also be used for mailing lists
Green: General correspondence to trusted family and friends
Your Bank gets hacked, just change your email address yourname-red@service.com to yourname-red2@service.com and password for all “Red” accounts.
Say you start receiving lots of spam on your Orange Alias – change the email alias and password for only those sites. This way the spam goes to a non-working/cancelled Orange Alias and your new correspondence goes your updated Orange Alias.
Apply the same four color rule to your usernames and login for different sites and if your social network gets hacked and your data is stolen, the people who now have your information can’t use it access your bank or credit cards.
Grade Schoool
Remember, not putting all your eggs in one basket is something that we learn in grade school. This most basic of principles to protect oneself should not be forgotten once we turn 18, or our income skyrockets. We should all diversify and we should all demand that the businesses we trust with our business also follow this simple rule.
John Freiman's Tech Opinions 