
What Your Business Should Know About ISP Privacy Issues

Forbes Technology Council
POST WRITTEN BY
Bojan Simic

Privacy is a major pain point for companies of all sizes across industries and has been for quite some time. Enterprises are better protected the more knowledgeable they are about security and privacy.

Washington recently repealed an FCC rule that, had it gone into effect, would have made it difficult for internet service providers (ISPs) to sell customers’ personal information to advertising agencies and third parties. Data of this kind includes internet history, app usage, mobile location data, the content of emails and messages, financial information, and health data.

In the absence of these protections, we are back to square one -- our exposed reality. However, at least this debate brought the ISP issue to light. It gives everyone, including businesses, a chance to explore our privacy options.

Fair or not, a compendium of the website visits you make is a reflection on you. Visit patterns include information that can be construed or compiled to make health assumptions about you or a loved one. Others would reveal deeply personal preferences that you may not have shared with your loved ones. Some could reveal your ideological bent, shopping and downloading habits, where you are at a particular moment when you search a website, as well as your permanent location. None of this is good from a personal or professional standpoint.

So how exactly does this relate to your business? In an effort to protect company data, you absolutely want to implement companywide policies to avoid potential data breaches or any confidential leaked information. Here’s how you can do this with an eye toward the ISP challenge.

ISPs track data differently than a company like Google, Facebook or Amazon does. These companies track consumer data by viewing activity via user accounts. ISPs obtain data through all website visits and web page activity, affording them a more comprehensive look than tracking a single profile does.

A helpful first step for companies with employees who visit and use websites all day is to enforce a rule stating employees may search only on HTTPS sites. HTTPS stands for "hypertext transfer protocol secure." These websites are encrypted, meaning ISPs see only which site is being visited (its homepage address), as opposed to specific pages or content.

There are plugins that are available to help you arrive at a Google search destination page that is HTTPS rather than an insecure site, but Google already gives preferential treatment to HTTPS sites over others, meaning they are ranked higher in Google results. If your employees are viewing information about a competitor on a crawler platform that shows all website mentions, they should only open results from an HTTPS page so that if the information ever becomes public, the embarrassing or operationally sensitive information would not be there.

While there are those who are still hesitant to transmit their personal data over the internet, ensuring the use of SSL (secure sockets layer) should also be top of mind since your employees are transmitting company information and vendor payments. SSL is a standard security technology for establishing an encrypted link between a server and a client. You’ll want to ensure that your employees visit and use websites that use SSL and even rank those SSL sites with a third-party website.

SSL streams are also harder to inject code into, because an attacker would need the SSL keys to do so. Ideally, sensitive company info should be encrypted with tools where only you control the keys. SSL is good enough, but remember that central authorities like Symantec or Comodo control the keys.

Additionally, you want to consider purchasing a virtual private network (VPN) or utilizing a third party that serves as a “go-between” for you and your provider. When you visit a site, a VPN gets that information first before sharing it with your ISP. This makes it look as though the browsing data is coming from the VPN’s IP address as opposed to your own, making it more difficult for the browsing data to be tracked back directly to you.


With VPNs, a physical server receives your data and encrypts it before sending it to providers. Therefore, it makes it more difficult for service providers to trace the information when it comes from a VPN’s IP address. Unfortunately, this won’t completely protect your data, as providers will always have access to some of your data. However, this will help in regard to maintaining internet anonymity and protection from third-party cyberattacks.

Businesses can configure company computers to use on-demand VPNs. Computers will always be on the company network, and it would be obvious if the device is used in a network outside of its own. Whether that means opening the VPN on your local Starbucks network or elsewhere, companies will know.

Another basic step is just for you, the B2B consumer, to do a little bit of due diligence. Any business that handles information over the internet should talk to its ISP about how the ISP treats differences in consumer and business accounts, how the ISP makes the distinction and how it treats the data. If your ISP wants your business, it will answer these questions, so don’t hesitate to be upfront and remain in contact with your ISP.

Finally, it is essential to teach a security-first mindset internally. Advise your team to compartmentalize its work and personal life. In the event of information getting into the wrong hands, it’s better if only work or personal life, not both, is known to be breached. There’s a lesson you don’t want to learn by continuing to commingle your work and personal life on devices and applications, so a large part of preventing a business breach is teaching employees these commonsense rules.