Privacy Breaches Also a Threat To Business

In the popular version of the story that you read in the mass media, information privacy is strictly a consumer issue. Companies go to great lengths to snoop into our most personal data details. At best they are out to sell us stuff. At worst they are looking for reasons to deny us a loan, or a job, and are not much concerned about mistakes.

There is more than a little truth to this stereotype, but it by no means tells the whole story. Businesses also have good reason to be concerned about their data privacy. And small businesses, especially, can encounter some rough going in dealing with big vendors.

In one recent instance, Cisco Systems had to backpedal on its Cisco Connect Cloud service, making it an opt-in feature rather than a default management setting for users of its Linksys EA Series Wi-Fi routers.

Routers and Wi-Fi local networks are used by many consumers. But they are also in wide use by small businesses – especially those, such as many restaurants and bars, that offer Wi-Fi hot spots for customers but often rely on the same Wi-Fi for internal business use as well.

So businesses as well as consumers raised a storm when Cisco made Connect Cloud a default. The result for users was automatic firmware updates, and terms of service that apparently included collecting users' Internet histories.

In response to the deluge of criticism, Cisco hastily shifted to opt-in for Connect Cloud. The company also "clarified" its terms of service, to emphasize that it was not peeking into its customers' Internet usage. 

All of which sounds an awful lot like the controversies that have swirled around consumer-facing companies such as Facebook. 

We can hope that vendors will learn from this experience, and be more sensitive to the privacy of both consumer and business users. But we cannot simply assume that vendors will be more careful. The lesson for users is that information privacy is everyone's business.

The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."