It is becoming more evident that privacy in this digital age requires more than just maintainence.
The digital age has made it easier than ever to connect with our friends and family. Opening an account on a social media site only takes a few minutes. Once they fill up the site’s registration form, they are good to go. (Martineau, M. 2016)
However, by filling the form, they also agree to something that never gets stated outright. That something is the chance of losing one’s data.
Once their data is on the internet, it becomes more accessible than ever for people to obtain it. Of course, the security steps taken by the firm protects your information. However, time and again, they have shown not to be adequately implemented or are lacking to stop hackers. Such has compromised personal and sensitive data of millions of people.
The same plot has played out to domains as well. In a research conducted by Symantec Research Labs of 700 Software-as-a-Service (SaaS) domains found in urlscan.io‘s available index. They found that two of Fortune 500 organisations were affected by exposed data. (Roturier, J 2018)
Unfortunately, they were not alone as more were found to be guilty. SRL also estimated that about 10% of the domains reveal data in some way. (Roturier, J 2018)
SRL choose SaaS domains as the focus of the study because organisations are relying more on SaaS. They are taking up the technology to improve productivity with employees. Also, to ensure they comply with global and local data processing regulations. (Roturier, J 2018)
It is clear that even though these organisations transitioned to better technologies of today such as SaaS. They still haven’t given the same importance to privacy or haven’t taken the necessary steps.
What Can Be Done?
- It is true that security on the vast internet is hard to achieve and maintain. However, there’s not much that one can do once the data gets compromised. So, we recommend that domain owners take measures beforehand to ensure security.
- The web applications that get used should assume that any personalised link they form is prone to getting exposed. They need to offer authorisation checks and verify relevantly. (Roturier, J 2018)
- Implement solutions that secure link following as users are sharing links on SaaS providers for content. That is prone to exposing on the Web at the end. Also, ensure that the privacy settings for SaaS solutions are configured company-wide to protect the data. (Roturier, J 2018)
- Refrain from following links that you aren’t sure. Such can have some disastrous outcomes if the URLs are infected and not sanitised. Firms pursuing this practice can end up leaking sensitive data onto the Web. (Roturier, J 2018)
- Headless URL browsing must respect robots.txt directives (either at the document level or the site) as much as possible. At least, refrain from sharing their browsing results to the public. Leaving traces of sensitive data poses a substantial privacy risk to both organisations and the users (Roturier, J 2018)
- Consider using products such as Symantec DLP. They can help owners determine. That if the links to sensitive content are getting exposed on the web. (Roturier, J 2018)
What Can We Take Out Of This?
Information of people is invaluable. People’s lives can get ruined if proper steps aren’t taken to protect it. By not taking steps to protect it, you are signalling them that they are not as important to you. That is why privacy to domain owners should be such a big deal.
Even if we are to ignore the wrong side of things; it is still going to do one more harm than good. Especially so, at a time, when the entire world is pressing for the more secure internet.
Roturier, J. (2018, October 15). Defending Data Requires More than Good Intentions. Retrieved from https://www.symantec.com/blogs/expert-perspectives/defending-data-requires-more-good-intentions
Martineau, M. (2016, October 12). What is domain privacy and why should you care? Retrieved from https://www.godaddy.com/garage/domain-privacy-care/