My specialty is developing application systems for human wellness and business performance. As one can imagine, this involves monitoring and working with particularly sensitive data. Business activities and an individual’s health stats are considered among the most private breeds of data, and a compromise can mean not only losing your clients’ confidence, but also making vulnerable data available to malicious third parties. With this in mind, what is one expected to do about the delicate matter of privacy, and how should he approach it?
 
Good security is mostly good policy. Even a bad thief knows to check under the welcome mat for a spare key. That being said, most of your attacks come in through the front door, so to speak. Here are some general considerations for the non-geek when handling security.
 
In Business
 
Your office security can be locked down completely, but if an employee uses the same password for his Facebook account as he does to log in to your billing software, your business doesn’t need to be breached for someone to get credentials to your finances. A good password policy and auditing plan can help, and it’s best to have someone in charge of this effort. Keep it scheduled and enforce your policy, or implement two-step authentication.
 
If your business runs under a Bring Your Own Device (BYOD) structure, creating a strategy can be a real pain, but even a simple plan can help avoid huge threats. Catalog each device that an employee may bring that connects to your network. That means phones, tablets, laptops and even USB sticks. This will give you a real idea of what threats you might be bringing to your network from the outside and will let you know what type of BYOD policies you need.
 
The Cloud
 
The cloud is generally more secure than your own data center. On one hand, you have the security of “owning” your systems when you have in-house technology, at least in a geographic sense.
 
However that means all responsibility for those systems falls on you. A reliable third-party cloud company dedicated only to the storage, management and encryption of your systems and data will be dedicated to managing the infrastructure while you manage your business.
 
Of course that doesn’t mean that the cloud provides perfect security. Always read the fine print to figure out how your cloud provider encrypts and protects your data. If there is a blank spot on any of this in your provider’s terms, you should worry a little.
 
IoT
 
I know I said this would be non-geek, but IoT (Internet of Things) is now a mainstream concern. Every device you own that shares data without you necessarily interacting directly with it is essentially an IoT device. This includes FitBits, Google Nest, Iris, automatic pet feeders, front door cams, and a host of sensory devices. While you willingly allow these devices to monitor and spy on you, there are many cases where a third party can be listening in.
 
To start with, any time a device offers a chance for you to change its default admin username and password, do it. This applies to everything from routers plugged directly into the network to drones. Especially with popular devices, an attacker can gain remote access by identifying its signature to become a man-in-the-middle, listening to your communications. Often the only way to access these devices is through a Web or mobile application that is still communicating through WiFi or cellular signals. This means that for unencrypted channels, anyone on the network can “listen in” to what you’re communicating. At that point, you are whispering in a crowed but quiet room. When dealing with any new IoT device, make sure the vendor has protected its communication with a secure SSH key and an encrypted Web connection.
 
The Rest of Us
 
Keep your antivirus updated. The nature of business now means you will be collecting and sharing information just to keep operations going, and you shouldn’t trust yourself to be safely discretionary of everything that comes through your email. Your antivirus won’t catch everything, but it will stop more threats than having nothing in place.
 
In Short …
 
While developers and device providers like my colleagues and me work hard to create software and tools that take your data privacy into consideration, there are thousands of devices that I can’t account for. Personal privacy also is your responsibility as a consumer, so keeping savvy about vulnerabilities and using basic conventional wisdom should be on your list, at the very least. 
 
Devon Scott is founder and CEO of Blue Fission, LLC, a tech consultancy in Wilmington, N.C. Blue Fission focuses on strategizing digital technology decisions for startups and particularly enjoys working with health and wellness industries. To learn more about Blue Fission LLC, go to http://bluefission.com or call (910) 644-0977.