Privacy Goes Mainstream in 2017

Featured article by Travis Howe, Chief information Security Officer at Conga

As we head in to 2017, it has become increasingly clear that privacy and security concerns have completed their jump from the board room to the living room. With citizen privacy protection being discussed more regularly, distrust is running rampant and complete security protection is no longer assumed by anyone. These changing assumptions were demonstrated just recently when the US Executive Order 12333 was put into place by departing President Obama to expand the power of the NSA to share globally intercepted personal communications with 16 other intelligence agencies before applying privacy protection. Additionally, the approval of expanded hacking by the FBI through Rule 41 in the US and the Snooper’s charter bill drastically extending UK state surveillance, as well as numerous other countries pushing for similar regulations shows that global awareness and concern is certain. With state-sponsored surveillance initiatives growing and an increasing number of poorly secured internet-connected devices making their way into the hands of consumers, cybersecurity and privacy will certainly be a growing challenge for all in the year ahead.

Increasing corporate awareness

As more people become aware and engaged with the realities around the slow erosion of citizen privacy, the debate is only expected to intensify. Like citizens, companies are becoming more aware of their own exposure to security vulnerabilities, due in large part to the recent Rule 41 announcement. The announcement approved expanded surveillance by the FBI, effectively allowing them to learn even more about the activities of US citizens and corporations. The rule allows for computers and devices to be searched anywhere in the world if said device is employing one of a handful of common tools meant to protect privacy.

Companies prepare

Organizations struggle to prepare for this type of monitoring as the privacy tools that the rule allows to now justify a search are fairly commonly used. Many organizations are not aware that these monitoring tools are sometimes used for more nefarious purposes. Similar instances of increasing government surveillance are occurring around the world, most notably with the UK’s aforementioned ‘Snooper’s’ charter bill. Security measures like these cause even more headaches for businesses, as they mandate that companies keep a significantly more watchful eye on what data is and is not kept from the government, which in turn draws more attention to privacy issues from the public.

Fear of the unknown

A large part of what spurs awareness around privacy issues is fear of the unknown. Vulnerability causes panic among organizations as they try to sort through new mandates and policies, and people, in turn, are left scrambling to figure out just how susceptible they are to these concerns.  All of these challenges while the world faces a drastic shortage of skilled security and privacy professional is making progress that much more difficult.  For most people, the efforts they take to protect themselves are more often reactive instead of proactive, and they are mostly unaware of any risk until it’s too late. Despite the mobile phone being the lifeblood of almost everyone’s lives, people are largely unaware of just how vulnerable these devices are to potential attacks. As security risks grow and hackers only continue to get smarter and more cunning, consumers and organizations alike will need to be better prepared in the future.

Until recently, the notion of privacy was usually taken for granted. Few people worried much about their data being collected or what potential security vulnerabilities lurked behind their screens. As people increasingly feel the effects of burgeoning privacy concerns and emerging security risks, both companies and citizens must consider how they can protect themselves proactively and effectively.

About the Author

Travis Howe, Chief information Security Officer at Conga

Travis Howe brings over two decades of security, compliance, privacy, and leadership experience to Conga.  Travis’ background within this space spans private, public, military, and government sectors. He has held a number of critical and highly complex roles prior to Conga including, US Navy Cryptologist, Cyber Security Program Manager for the Western one-third of the US Power Grid, Lead Security Architect for the Nation’s 911 next generation services, Vice President of Global Consulting Services with Reddshell, as well as the lead security role with ViaWest where he Led the Physical and Logical security for 22 data center at ViaWest. Additionally, Travis has obtained several technical certifications as well as industry-leading security and privacy certifications, CISSP, CISM CITRMS. He is also a member of several highly recognized organizations such as the International Association For Counterterrorism & Security Professionals.  Travis has a Bachelor of Science in Business Management from Colorado Technical University.