Data Security Archives - My TechDecisions
https://mytechdecisions.com/tag/data-security/

Keeping Your Hybrid Workplace Secure
https://mytechdecisions.com/unified-communications/keeping-your-hybrid-workplace-secure/
Fri, 12 Jul 2024 16:36:12 +0000

The ravages of COVID-19 are now an afterthought in many people’s minds. But the pandemic’s disruptive impact on the workplace is far from done. This is especially true when it comes to the new hybrid workforce and technology challenges around systems support, device management and security.

Specifically, workers experienced the personal benefits of flexibility that remote and hybrid work models offered during shutdowns. Many employees won’t or don’t want to go back. The percentage of these workers is likely to remain at high levels, and an employer’s ability to accommodate remote or hybrid work may now largely determine whether a worker takes a job or even remains with a company.

That is obviously a game-changer for recruiting and retention. It also increases the challenges of effectively managing a host of remote devices and the many workers using them. Potential impacts include infrastructure reliability, network availability, data accessibility, and, above all, IT security, but investments in robust technology to manage and support flexible work practices will ensure companies can remain responsive and secure.

A Remote Environment = Increased Threats to Security

As critical as it has been, remote work has significantly exposed companies to cybersecurity threats; these are the top risks to all organizations today. Yearly data breach totals remain high and show evidence of escalation: 1,175 in 2018; 1,108 in 2019; 1,872 in 2020; and 1,862 in 2021.

The risk is compounded not only by vulnerabilities in technology but also by human error. As evidence, Deloitte reports that 47 percent of remote individuals fell victim to phishing attacks while working at home. The average cost of a data breach enabled by a remote worker was $137,000 in 2022. Recent advancements in artificial intelligence are further increasing the number and severity of security threats, and this is why it is critical to get all aspects of IT support right.

By their very nature, hybrid work environments demand that organizations have a better awareness of risk and an even tighter grip on their data, devices, and processes to remain operational and secure. Historically, employees are the weakest link in the security chain. When employees work off-site, and often with personal devices, they lower the vulnerability threshold even further.

Related: Choosing the Best Video and Audio Devices for WFH Setups

Because of the increased threat environment, many organizations are stepping up security investments and employee training, alongside establishing strict practices around sensitive data encryption for every device and ensuring backups are completed at different locations. Another good tactic is to remove data that does not require daily access from the regular data pool and store it where it can be retrieved when needed.

Fortunately, organizations were not blind to increased security risks during the pandemic, and many put new measures in place and increased employee training. Still, many organizations have yet to modify their infrastructure to meet the new security and support challenges. Flexibility and agility are urgently needed, and many systems can’t provide either.

The solution is having a secure remote control platform that can handle a widely dispersed workforce while scaling and delivering support as required, regardless of location. Ideally, it should be easy to use, cloud-based, and have security at its heart.

Security Features That Make a Difference

For a COO of an international company, ensuring the IT security for a hybrid working environment is a high priority, helping to safeguard network and data security, ensure uninterrupted operations and constant productivity and create a positive employee experience.

Our company has provided remote device management software for education and corporate settings for over 30 years and, with that, we’ve seen and adapted to the changes in risks and cybersecurity threats.

Some of the key remote control features that companies should consider include:

  1. Secure Web Gateways

Secure web gateways are ideal for managing remote employee connections and provide extra security, regardless of location. The gateway logs all activity and can provide additional insights into which computers were attempting to connect, allowing IT teams to see whether unauthorized attempts are occurring.

  2. Security Keys

As the name suggests, security keys enable remote users to connect only if they have the same security key as the client. These are encrypted passcodes and must match for connections between machines to be permitted.

  3. User Acknowledgement

Implementing user acknowledgment is an effective way to guard against connection attempts from unauthorized devices. This simply means that when delivering remote support, an employee must explicitly accept the IT team member’s connection request before they can connect to the device.

With these things and more in place, maintaining a secure and productive hybrid working environment should be stress-free and, dare I say it, easy.


Matt Jones is the chief operating officer of NetSupport. He has spent his entire career helping corporate IT departments manage their networks and devices.

Walking the Tightrope of Regulations Amid an AI Revolution
https://mytechdecisions.com/compliance/walking-the-tightrope-of-regulations-amid-an-ai-revolution/
Wed, 26 Apr 2023 16:03:00 +0000

Artificial Intelligence (AI) is rapidly transforming the world, from the way we live to the way we work, bringing unprecedented opportunities and challenges.

However, with these rapid advancements come concerns about the ethical, legal, and societal implications of AI, particularly with data and privacy protection. As such, policymakers will be grappling with how to regulate AI in a way that balances consumer protections while also fostering innovation. 

The Positives of AI Regulation 

The need for AI regulation is pressing for several reasons, although any regulatory framework will need to be flexible enough to accommodate the rapidly evolving nature of AI.

While AI creates efficiencies, it doesn’t have the capability to understand the full story and why certain patterns may appear, which can result in bias. There are many types of AI bias, including selection, confirmation and algorithmic bias. One example of AI bias is gender bias in job advertisements rendered through AI-powered recruiting tools. Such tools have been found to exclude women from certain male-dominated fields as well as men from women-dominated fields, and to show an ethnic bias by targeting certain types of roles to certain populations. Businesses need to be aware of these biases and work towards eliminating them to ensure that AI is used ethically and fairly. AI can only be as good as the completeness and accuracy of the data sets and the algorithm being used to derive insight or prediction.

The right regulation also protects consumers’ data and privacy. This means governance around the collection, storage and use of data by AI systems. For example, we have seen this in marketing, where consumers have to agree to how cookies from their site visits are used. For AI, this may involve requiring companies to disclose how the system works, which data and inputs it leverages, and how it uses them to make decisions.

Looking at the life sciences industry, you are finding solutions that address personal health, so when you generate data, it must be in a way that is auditable by the FDA. For instance, AI-powered drug discovery tools may be biased toward certain classes of drugs and diseases based on historical data, leading to the limited discovery of new therapeutics or treatments for less common diseases. The SEC does the same thing within the financial sector. AI-powered credit scoring or lending models may be biased against individuals from a certain demographic background.

Given these concerns, policymakers are under increasing pressure to regulate AI. However, overregulation, which we’ve seen, can also cripple innovation.  

The Negative Side of AI Overregulation 

It’s human nature to be afraid of what could be. 

Therefore, the cycle tends to begin with overregulation and then finds a balance as people become more comfortable with the technology’s capabilities. We saw some of this with cloud technologies early on. When cloud technologies first came out, people were concerned about trusting cloud technology architecture, who could see their information and how secure their data was. While that was not the case, it led a lot of organizations to move slowly, and we are just now starting to see the widespread adoption of cloud technologies.

AI systems rely on large amounts of data to learn and improve. With overly restrictive regulations, companies may struggle to collect the data they need to develop new applications and insights. This slows the development of new technologies and entices companies to locate in countries with less strict regulations for a competitive advantage.  

One approach that can be used to strike the right balance between data protection and innovation is to implement a data minimization strategy. This practice involves collecting and processing only the data that is necessary for the specific task. By minimizing the amount of data collected, the risk of data breaches and misuses is greatly reduced while also protecting individuals’ privacy. 

Striking the Right Balance

AI regulations are necessary to address the risks and challenges associated with AI. However, it is also important to strike the right balance and not stifle innovation. This will require more collaboration between policymakers, industry and civil society. 

A key difference to keep in mind now is the speed at which adoption occurs. As we lean more into being a digital society, it typically occurs at a much faster rate. While this may cause panic and make regulators feel rushed to issue guidelines, poorly designed regulations could stifle innovation, hindering the development of new AI applications.  

Douglas Vargo is VP of emerging technologies practice lead at IT & business consulting services firm CGI.

7 Strategies for Improving Your Business’s Security in the Cloud
https://mytechdecisions.com/network-security/improve-your-businesss-security-in-the-cloud-with-these-7-strategies/
Tue, 11 Apr 2023 12:00:15 +0000

Editor’s note: This article was originally published on March 13, 2023 and has since been updated as of April 11, 2023. 

Cloud computing offers numerous advantages, including flexibility, cost-effectiveness, scalability, rapid deployment and storage capacity. Still, there are inherent cybersecurity risks with cloud infrastructure, including data breaches and leaks, compromised credentials, and human errors that can compromise sensitive data. The complexity of cloud environments makes it difficult to not only secure data in the cloud but also to comply with the requirements of laws and regulations.

Here are seven strategies and tips for improving your business’s security in the cloud.

1. Improve Third-Party Visibility and Monitoring

Organizations grow, evolve, and merge, as do the employees, locations and projects. Sometimes, tools are integrated with legacy systems, creating more complexity in your organization. This creates challenges in maintaining a comprehensive view of your network, systems, storage and applications.

To increase visibility in your infrastructure, you can use solutions to monitor activity and detect early signs of compromised accounts or possible threats. You should not only monitor your employees for unusual behaviors, such as a login from a strange IP address during off hours, but also your third-party suppliers, vendors and service providers. If they have a weak link in their own security, it can leave your organization vulnerable.

2. Deploy Access Management Controls

No matter what cloud providers you use, you’re responsible for securing cloud user accounts and their ability to access sensitive data. Your security program should have identity and authentication measures like multi-factor authentication (MFA) and role-based access control (RBAC) to reduce the risk of account compromise and credential theft.

Outline expectations for employee cybersecurity habits, including using complex passwords and ensuring that passwords aren’t reused across accounts. It’s best to have a centralized password management solution to ensure these policies are enforced.

You should also manage user access privileges. Instead of providing unlimited access to systems and data, use the principle of least privilege, which gives users access to only the data or applications they need to perform their jobs. Then, if their account is compromised, there’s only so much damage the malicious attacker can do.

Another best practice is to use single sign-on (SSO), an authentication method that allows users to securely authenticate to different websites or applications with one set of credentials. This is built on a trust relationship between the application and the identity provider, demonstrating a trusted source.

3. Apply Zero Trust Practices and Strategy

With the growth of the hybrid workforce and the migration to the cloud, Zero Trust offers a strategic approach to cybersecurity that’s rooted in the principle of “never trust, always verify.” It’s designed to protect cloud environments with authentication, authorization and validation for security configuration and posture before access is granted or continued.

Because there’s no network edge, networks may be local, in the cloud, or in a hybrid environment. Along with continuous verification, Zero Trust can limit the “blast radius” if a breach does occur, whether external or internal.

4. Invest in Cyber Security Training for Employees

Data security incidents commonly involve human error through access control, misconfigurations or simple errors. It’s important to train your employees to identify and respond to cyberattacks in their various forms, including malware, phishing emails, and denial-of-service (DoS) attacks.

Proper training can reduce the risk of breaches that occur from human error, so focus on establishing strict policies and procedures around cybersecurity. Train your employees on cloud-specific security tools, network behaviors, and perhaps most importantly, what to do in the event of a security incident.

Nothing is foolproof, but training ensures your employees are aware of the possible risks, exercise caution in their interactions, and know how to identify and report suspicious activities to mitigate the damage. As a result, you’ll not only enjoy some additional peace of mind but also potentially reduced costs related to data breaches.

5. Document Strict Off-Boarding Processes

Employees who leave your organization can expose your storage, systems, customer information, data and intellectual property to risk if they still have access. Though often overlooked, ensuring that departing employees no longer have privileges for your data and applications is a crucial aspect of cybersecurity.

Through performing their job duties, employees have access to a variety of sensitive cloud applications and data, so you need a systematic off-boarding process to revoke access.

6. Encryption of Data in Motion and At Rest

Data encryption is a simple method to protect your data and limit the damage that an attacker can do in the case of a breach. It turns data into ciphertext, making it appear random.

Data can be encrypted at rest (in storage) or in transit. There are two types of encryption: symmetric and asymmetric. Symmetric encryption uses a single key for both encryption and decryption. Asymmetric encryption uses one key for encryption and a different key for decryption, which is kept private.

Along with being an effective cybersecurity measure, encryption is a vital element of data security for compliance with the standards for regulations like the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR).

7. Get Data Backup and Recovery Solutions in Place

Though most providers have robust backup plans in place to reduce the risk of data loss, there’s still a risk of loss from human error. Employees can accidentally delete data or malicious attackers can corrupt data, which is why you need a cloud-based backup and recovery solution of your own.

Having a backup and recovery solution helps you protect your information from not just human error but potential crises such as cyberattacks, hardware failures, power outages, and natural disasters.

Securing the Cloud

Staying aware of the unique cybersecurity risks in the cloud is the first step, but your organization needs a robust cloud cybersecurity position to prevent and respond to increasingly sophisticated cyberattacks as they evolve. Fortunately, these strategies and tips give you an opportunity to fortify your cloud security and safeguard your sensitive data and applications.


Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.

Utelogy Attains SOC 2 Type II Standards in Data Security
https://mytechdecisions.com/compliance/utelogy-attains-soc-2-type-ii-standards-in-data-security/
Wed, 21 Dec 2022 15:46:12 +0000

Utelogy Corp., the Los Angeles-based provider of management, monitoring and analytics software for connected workspaces, recently completed its Service Organization Control (SOC) 2 Type II certification. Conducted by Armanino, the audit affirms that Utelogy’s information security practices, policies, procedures and operations meet the SOC 2 standards for security. Armanino is a top 25 accounting and consulting firm in the nation.

According to Utelogy, it takes a holistic approach to improving its security posture to meet and exceed industry standards for both the products it builds as well as its business operations. Undergoing this process ensures the company has stringent internal controls that capture how Utelogy safeguards customer data throughout its systems and product offerings.

Utelogy’s platform enables end users to aggregate their AV/UC and IoT data to remotely manage, monitor and automate their collaboration estate to make better informed business decisions. Successfully completing SOC 2 Type II audit demonstrates that Utelogy prioritizes the protection of this data. The auditing process included an in-depth review of Utelogy company policies and procedures for data handling as well as tests of the organization’s security controls and operating effectiveness.

“Utelogy’s achievement is a testimony to our ongoing commitment to our partners and customers,” Kevin Morrison, CEO of Utelogy, says. “We are proud of this accomplishment, and we will continue to provide the very highest levels of security when it comes to managing our customer’s data.”

This article originally appeared on MyTechDecisions’ sister-site CommercialIntegrator.com.

Why Healthcare Needs Better Data Security
https://mytechdecisions.com/compliance/healthcare-data-security/
Tue, 12 Apr 2022 17:30:14 +0000

As the healthcare industry accelerates into an increasingly digitized world, cyber breaches exposing confidential patient data are becoming more commonplace. In fact, according to the Department of Health and Human Services’ Office for Civil Rights’ breach portal, a staggering 44,993,618 healthcare records were exposed or stolen in 2021.

The implications of these security breaches are significant; they threaten not only health data integrity, but patient confidence in the healthcare system overall. One survey found that about half of consumer respondents were more likely to trust companies that reacted quickly to breaches or disclosed hacks of data to the public.

As a result, healthcare systems and companies becoming more proactive in safeguarding the data of their patients will be vital to the future of healthcare.

The Need to Prioritize Data Security

From patient data becoming more complex to security breaches becoming easier to conduct, it is paramount for healthcare executives to prioritize data security. Healthcare systems and companies possess data with an abundance of details on patients’ protected health history information, personally-identifying information and financial information.

This data alone makes healthcare systems especially susceptible to targeting. Furthermore, cyberattacks have gradually become easier to execute through tools such as malware-as-a-service, botnets and distributed denial of service.

Related: Hacker Used Malware to Delete 69,000 Patient Files at San Juan Regional

The accessibility of malware is only further facilitated by an increase in hospitals’ third-party partnerships, which serve as an additional entry path to data.

Lastly, the aftermath of cyberattacks poses a tremendous financial burden on healthcare systems and organizations. According to IBM Security’s 2020 data breach cost report, the average data breach cost healthcare organizations $7.13 million.

The impact of these breaches also extends to patient care; on average, a data breach at a non-federal acute-care inpatient hospital was associated with an additional 23-36 deaths per 10,000 acute myocardial infarction discharges per year.

Security Strategies to Take into Consideration

Fortunately, there are several measures to consider when implementing a security strategy that will prevent these pernicious attacks.

First, healthcare systems can ensure that their partner third-party healthcare organizations have protective measures against current cyber threats through trusted programs.

AICPA and HITRUST’s collaborative assurance program known as SOC 2 + HITRUST, for example, is a more reliable assessment than compliance with one or the other. Achieving this standard demonstrates an organization’s prioritization of the security, integrity, confidentiality, and privacy of the data it possesses.

Information Security Executives can also work to confirm that information technology suppliers are fully compliant with the HIPAA and HITECH laws, which establish provisions for securing confidential medical information.

Second, many healthcare systems use obsolete software that exacerbates their vulnerability to cyberattacks. By adopting and investing in modern Health Information Technology infrastructure, systems can minimize the potential for significant damage.

This also involves implementing more general data security measures, including encryption of all healthcare data stored, data recovery mechanisms, two-factor login authentication, and comprehensive workforce security training programs.

Formulating a complete security incident response plan with steps to identify, stop and evaluate a threat is also imperative to containing an imminent breach.

The Future of Healthcare Depends on Improved Data Security

Admittedly, organizations cannot be 100% protected from security threats. However, by prioritizing modern software and suppliers that share a zeal for information security, health systems can minimize their vulnerability relative to their competitors.

Although this may take a significant investment of resources, these investments also carry a significant ROI in terms of both dollars and improvement of the general public’s trust in healthcare systems.

Brian Foy is the Chief Product Officer at Q-Centrix, where he leads the product development and engineering teams, helping hospitals manage people and data to achieve measurable improvement in quality scores.

Microsoft Acquires CloudKnox Security
https://mytechdecisions.com/it-infrastructure/microsoft-cloudknox-security/
Thu, 22 Jul 2021 20:23:49 +0000

Microsoft strengthens its cloud security by acquiring CloudKnox to help prevent today’s alarming number of security breaches.

Microsoft announced it has acquired CloudKnox Security, a Cloud Infrastructure Entitlement Management (CIEM) provider. CloudKnox offers complete visibility into privileged access.

It helps organizations with permissions and consistently enforces least-privilege principles to reduce risk, and it employs continuous analytics to help prevent security breaches and ensure compliance.

As organizations adapt to hybrid work models and cloud-based services, the number of service entities that collaborate and exchange data without permission-based settings is increasing, leaving more organizations’ critical systems vulnerable to attacks, as seen in the Kaseya ransomware attack.

Read: SolarWinds Hackers Used A Microsoft Support Agent’s Tools In New Attacks, Microsoft Says

Many organizations are struggling to assess, prevent, enforce, and govern privileged access across hybrid and multi-cloud environments. This new move stresses the importance of Zero Trust security, making it easier to enforce least-privilege access for users.

Microsoft says, “The acquisition of CloudKnox further enables Microsoft Azure Active Directory customers with granular visibility, continuous monitoring and automated remediation for hybrid and multi-cloud permissions. We are committed to providing our customers with unified privileged access management, identity governance and entitlement management including:

  • Automated and simplified access policy enforcement in one integrated multi-cloud platform for all human and workload identities.
  • The widest breadth of signal-enabling, high-precision machine learning-based anomaly detections.
  • Seamless integration with other Microsoft cloud security services, including Microsoft 365 Defender, Azure Defender and Azure Sentinel.”

Microsoft’s acquisition of CloudKnox comes on the heels of acquiring RiskIQ and ReFirm Labs. This is one measure that the company is vamping up the strongest defenses for its customers for the future of hybrid work.

The post Microsoft Acquires Cloudknox Security appeared first on My TechDecisions.

]]>
https://mytechdecisions.com/it-infrastructure/microsoft-cloudknox-security/feed/ 0
Safeguarding Your Mobile Workforce Data Security in 4 Steps https://mytechdecisions.com/network-security/mobile-workforce-data-security/ https://mytechdecisions.com/network-security/mobile-workforce-data-security/#respond Thu, 08 Oct 2020 19:05:12 +0000 https://mytechdecisions.com/?p=26330 Research firm Gartner has found that, after the COVID-19 pandemic subsides, businesses will face a new kind of challenge: managing their mobile workforce data security. According to Gartner survey, 82% of business leaders plan to let employees continue to work from home in at least some capacity, while 47% plan to allow employees to do so […]

Research firm Gartner has found that, after the COVID-19 pandemic subsides, businesses will face a new kind of challenge: managing their mobile workforce data security.

According to a Gartner survey, 82% of business leaders plan to let employees continue to work from home in at least some capacity, while 47% plan to allow employees to do so permanently.

Major banks — including JP Morgan and Barclays — and technology companies like Google, Twitter, Facebook and Square are just some of the organizations that have embraced remote work as part of their business models.

In fact, businesses large and small across a wide range of industries can be expected to permanently adopt WFH practices.

Remote Work & Cloud Security

Temporary or not, the shift to remote work has caused lasting changes to the way people work. Even companies that are going back to having an office presence have developed WFH practices and will continue to enhance them, whether by hiring more remote employees, retaining employees who move out of town, or even shifting entirely and permanently to remote work.

More employees working from home means more devices are connecting remotely, i.e. outside of the secured corporate network. As a result, businesses’ control over data is slipping rapidly. This is why it’s so critical to understand what remote workers are doing with that data and rework the new “normal” to make it more effective and secure.

It’s time for organizations to get serious not only about implementing the security measures necessary for securing remote edge devices and entry points, but also about making these measures part of a unified, comprehensive strategy. All of this forms a single, integrated security framework designed to simplify management and expand visibility and control.

Fortunately, most organizations now have the data and know-how necessary to understand how remote work impacts their applications, life cycle, and IT infrastructure, as well as its effect on traffic to applications that are located on-premises and in the Cloud.

The future of work from home security

The consequences of poor cybersecurity hygiene while working remotely can include anything from compromised sensitive data to unauthorized access to the organization’s infrastructure.

Secure communications while working remotely can be ensured by the combination of technical solutions and controls with proper employee operations security (OPSEC).

Typically, when it comes to securing your teleworkers, the first item on the agenda is developing a corporate policy.

This policy should outline what’s acceptable in a remote working environment, how data is handled, what levels of authorization are available, etc.

Risk-based decisions can also be made depending on the types of devices employees use for teleworking (for example, company-issued devices, personal laptops or smartphones, etc.). Devices that haven’t been issued specifically by the company should be subject to more stringent controls.

Organizations should take these steps to maintain mobile workforce data security:

  1. Content storage should be allowed in the Cloud only. Use Cloud- or web-based storage software that allows for sharing and editing of documents (for example, Cisco Cloudlock).
  2. Endpoint security using two-factor authentication. This adds a second layer of security when logging in to important applications. Multi-factor authentication uses OTP (one-time password) technology, certificate-based USB tokens, smart cards, and additional advanced security technologies.
  3. Any connections to the company’s network should be performed through a VPN (Virtual Private Network), which uses either SSL (Secure Sockets Layer) or IPsec (Internet Protocol Security) to encrypt communications from the remote worker’s machine. This safeguards both the end user and corporate environment, ensuring that no one is able to decipher sensitive data traffic.
  4. Risk management contingency plan. It’s essential to be able to either track a laptop or wipe it remotely in case a remote worker loses a laptop with sensitive business information on it.

Security teams have to develop new policies to respond to these challenges. Some of them have already done so, but their work doesn’t end there. They need to communicate those new policies to the entire workforce and train employees on how those changes affect them.

Combining remote workers with Cloud infrastructures can present numerous business opportunities. But without the right cybersecurity and operational framework, the Cloud presents serious challenges that can have far-reaching repercussions.


Juta Gurinaviciute is Chief Technology Officer at NordVPN Teams. This story premiered on our sister site, Security Sales & Integration.

What Decision Makers Need to Know About Australia’s Lawsuit Against Facebook
https://mytechdecisions.com/news-1/what-decision-makers-need-to-know-about-australias-lawsuit-against-facebook/
Tue, 24 Mar 2020 19:14:56 +0000

Australia is suing Facebook for interfering with users’ privacy during the Cambridge Analytica scandal.

According to TechCrunch, Australia’s privacy watchdog is suing Facebook over the Cambridge Analytica data breach.

The Office of the Australian Information Commissioner (OAIC) is taking Facebook to federal court, “alleging the company committed serious and/or repeated interferences” with Australian Facebook users’ privacy.

Australia’s suit claims that personal data from Facebook users was disclosed to the This is Your Digital Life app, which was built by developer GSR, “for a purpose other than that for which it was collected.” The suit alleges that the app was used by Cambridge Analytica “to obtain and process Facebook users’ data for political ad targeting purposes,” TechCrunch reports.

Most importantly, the suit explains that the people who are most affected by the app are the “Facebook friends” of those users: “Facebook disclosed personal information of the Affected Australian Individuals. Most of those individuals did not install the ‘This is Your Digital Life’ App; their Facebook friends did,” the OAIC said in a statement. “What is known, is that Facebook disclosed the Affected Australian Individuals’ personal information to the ‘This is Your Digital Life’ App, whose developers sold personal information obtained using the app to the political consulting firm Cambridge Analytica, in breach of Facebook’s policies. As a result, the Affected Australian Individuals’ personal information was exposed to the risk of disclosure, monetisation and use for political profiling purposes.”

If Australia wins in court, Facebook could be looking at up to $529 billion in fines. This sum is based upon the logistics of Australia’s Privacy Act: there is a civil penalty of up to $1.7 million “to be levied per contravention,” TechCrunch says. In the Cambridge Analytica case, Australia’s watchdog believes that 311,074 users were affected among the millions of other profiles lifted in the scandal. As a result, “the potential fine here is circa $529BN.”

In a statement to TechCrunch, Facebook said that it has been working with the OAIC and has made changes to its platform to “restrict the information available to app developers.” It also said that it has implemented “new governance protocols” and is building new controls to better protect users.

An Update About Huawei: What Decision Makers Need to Know
https://mytechdecisions.com/it-infrastructure/an-update-about-huawei-what-decision-makers-need-to-know/
Thu, 19 Mar 2020 17:27:00 +0000

A recently passed bill bans government money from buying tech equipment from Huawei for American companies.

According to The Hill, the Senate unanimously passed a bill that will ban government funding to buy tech equipment from nations considered to be a threat to national security.

The bill, called the Secure and Trusted Telecommunications Networks Act, bans the Federal Communications Commission (FCC) from giving money to American tech companies to buy equipment from foreign companies deemed a national security threat. This includes Huawei, a Chinese company accused of using its tech to spy on the United States and other countries, and currently the largest provider of 5G equipment in the world. The bill also requires the FCC to provide $1 billion to help smaller national tech companies “rip out and replace” equipment previously purchased from “threatening” companies, and to develop a list of firms viewed as a threat.

“Telecommunications equipment from certain foreign adversaries poses a significant threat to our national security, economic prosperity, and the future of U.S. leadership in advanced wireless technology,” Senate Commerce Committee Chairman Roger Wicker said in a statement. “By establishing a ‘rip and replace’ program, this legislation will provide meaningful safeguards for our communications networks and more secure connections for Americans.”

The Hill also said that if President Trump signs the bill, then it will affect rural telecom providers the most; a previous estimate by The Rural Wireless Association from 2018 said that approximately 25 percent of its member companies use equipment from Huawei or Chinese group ZTE.

About Time

Passing this bill is one of the strongest courses of action the FCC has taken against Huawei since the initial concern of spying emerged a couple of years ago. Prior to the bill, the Department of Commerce added the Chinese company to its list of businesses that American companies are forbidden to work with, “though Huawei’s full inclusion on the list has been delayed multiple times.” The FCC also took steps against Huawei in November 2019, when it banned American tech companies from using its funding to purchase equipment from the company, and when the company was marked a national security threat.

The Trump Administration has been pressuring other nations to move away from Huawei as well. Huawei is pushing back – it announced it was going to sue the FCC in December 2019, claiming there is no proof it is a national security risk. As of right now, it seems that Huawei isn’t making any progress with the lawsuit, especially as the United States takes further steps to purge the Chinese company’s tech from its own businesses.

4 Wireless Carriers Might be Fined Millions for Selling Customers’ Location Data
https://mytechdecisions.com/mobility/4-wireless-carriers-might-be-fined-millions-for-selling-customers-location-data/
Wed, 18 Mar 2020 17:24:15 +0000

The Federal Communications Commission is proposing to fine AT&T, Sprint, T-Mobile, and Verizon millions for selling their customers’ real-time location data.

According to The New York Times, AT&T, Sprint, T-Mobile, and Verizon might face up to $200 million in fines for selling their customers’ real-time location data.

Although the penalty isn’t yet finalized, it would be one of the largest proposed by the Federal Communications Commission in decades, and the first action taken on the issue of customers’ location data being sold. The four wireless carriers will be given the opportunity to respond and argue against the fines, the New York Times says.

The Federal Communications Commission will fine the carriers based on the number of days their customers’ data was sold. Senator Ron Wyden of Oregon, one of the first to raise major issues with data sharing, called the fines “comically inadequate” to deter companies from repeating these offenses.

Who Cares if They Know Where I Am?

Selling customers’ location data is a particularly big deal because it can potentially put users’ safety and privacy at risk; anyone who has a mobile device is at risk. But, for carriers, customers’ location data has always been a goldmine: “it was consistently available and included almost every American with a mobile phone. Carriers sold access to it for marketing purposes and services like bank fraud protection, under contracts that required location companies to get customers’ consent,” The New York Times says.

The telecommunications industry is supposed to be “subject to more stringent laws” to protect users’ privacy, but that hasn’t always been the case. Companies have not always followed the contracts made with customers, and had little way of enforcing them, which enabled customers’ personal data to be open and fair game for usage; this includes law enforcement officials obtaining and using data to go after persons of interest. As a result, the Federal Communications Commission found that major wireless carriers had broken federal law “by being negligent” with users’ data.

It will be interesting to see how AT&T, Sprint, T-Mobile, and Verizon react if the $200 million in fines is enacted. Will it be enough to tighten their methods of securing users’ data? Or will it be a slap on the wrist, provoking them to make money off of their users without users’ knowledge? Then, there are the users – will they snap to attention and take their business elsewhere to a more safety-conscious carrier? Or will they stay with a carrier that may have betrayed their privacy? Only time – and fines – will tell.
