When addressing the topic of online identity management, I like to start out by sharing a figure that helps put this issue in perspective. In the past five years, the amount of digital information created and shared globally has increased by 900 percent to two zettabytes. To put this in more understandable terms, if the 11-ounce coffee on your desk equals one gigabyte, one zettabyte would have the same volume as the Great Wall of China. This shared information includes photos and videos shared on social media sites, personal and business documents that we save to the cloud, and even medical data that is recorded and shared by an emerging class of connected devices. The sheer amount of personal information we are generating and sharing online underscores some of the biggest security challenges we are currently facing: how do we control what this data is being used for and what can we do on occasions when it is misused?
We are still navigating the answer to these questions. At CSID, there are three big areas of risk we focus on when it comes to online identity management: online transactions, online sharing, and "The Internet of Things."
This area includes the information we voluntarily share with businesses and organizations online (and off). It includes information like credit card numbers and home addresses gathered when you make an online purchase; email addresses and passwords created when you open an account; Social Security numbers and bank account information entered when you file taxes online. With an online transaction, consumers inherently trust the business or organization will keep their data safe. However, that is not always the case.
When it comes to online transactions there are three key actions a consumer can take to better manage their online identity and mitigate the negative impact of a business or organization losing their personal information:
- Use an identity protection service. An identity protection service can alert you when personal information has been compromised, eliminating a dependency on the organization to identify and notify you when a breach occurs. In many cases, it can also help with identity restoration.
- Consider paying with a credit card. Credit card companies cannot hold you liable for fraudulent purchases made on a credit card. This makes it a lot easier and quicker to recoup losses from a fraudulent credit card charge than when using a debit card and recouping losses from a bank.
- Use unique passwords for all online accounts. When passwords are reused, one business' data breach can open up vulnerabilities across a multitude of completely unrelated websites, such as an Amazon account or banking website. Using a unique password will help prevent this.
Nearly 100 hours of video are uploaded to YouTube every single minute -- a number that is more than 20 times what it was six years ago. Facebook users are uploading 350 million photos each day. The amount of information we share on sites like Facebook, Twitter, LinkedIn, Instagram and FourSquare has huge implications for online identity management and the risks of sharing too much information can be severe.
Individuals who are active on social media sites and share personal information online are at increased risk for identity theft. According to the 2013 Javelin Strategy & Research Identity Fraud Survey Report, 54 percent of social media users have been the target of an identity threat. There are also reputational risks. A teenager's online reputation can mean the difference between getting into a dream college or not. Finally, there are actual physical risks associated with online sharing. When individuals post about an upcoming vacation on Facebook or check in to a location on FourSquare, they are basically broadcasting that they are not home.
The risk mitigation solutions for online sharing are pretty simple. First and foremost it is using common sense and understanding what types of things you shouldn't post. Another solution is awareness -- understanding privacy settings and knowing what rights to your personal information you are giving to apps that you connect with online.
There are social media monitoring tools available and in development that can help with these two things. These services send an alert when sensitive information is posted online. They also send an alert when potentially compromising information is posted to your social network profiles and when a social network site updates its privacy settings.
The Internet of Things
The emerging frontier in the identity management conversation is the Internet of Things (IoT) -- a trend where more devices are connected, most of which are collecting and sending data. This includes wearable devices like fitness trackers and connected watches, and home appliances like thermostats and refrigerators. Even the cars we drive will soon be collecting and sending data on our driving habits.
As we move further into the era of the IoT, the identity management conversation gets a lot more interesting. These devices will have information about us that range from the normal -- email addresses, home addresses, birthdates -- to the more abstract like what TV shows we watch, how much we exercise, what hours we are typically at home or away and where we are.
The best risk mitigation practice in the IoT era is once again awareness and education. It is important to be aware of the tradeoffs of convenience versus data capture, and understand what information you're sharing with the world. It is equally important to read the fine print when it comes to connected devices to find out what data they collect and what the company can do with it.
Identity management has never been easy, but it will clearly need to evolve to become even more comprehensive as technology becomes more and more integrated in our lives.