Want to harm your customers? Let their email addresses slip out of your grasp and into the hands of hackers. That’s the sum total of a new study by Clutch, a B2B research firm.
Of 302 Web site managers surveyed, 57% said they collect email addresses -- more than any other data point. Yet these addresses are the most dangerous information you can store, according to Clutch.
They are the main identifier being used across devices and channels.
They are the thread through which hackers can connect several accounts online.
They are the route to sensitive personal details, from financial information to medical data.
And they are not protected: Of the Web site managers surveyed, 63% admit that they do not use common safety measures to guard data.
“There’s room for improvement when it comes to how website managers secure their sites and protect Internet users’ privacy,” writes Michelle Delgado, a marketer and content developer at Clutch.
How do bad actors misuse this precious piece of data?
“When data is correlated over multiple web services, whether that is a Gmail account, a bank account, a password retrieval from Facebook, family-oriented documents, travel-agency information, and so on, it is done through the email address,” says Idan Udi Edry, CEO of Trustifi, a data security company, according to Delgado.
The study shows that email addresses are stored even more than names. And the two are pure gold when hackers have both.
“With an email address, [a hacker] won’t have to work a lot in order to retrieve privacy information,” Edry adds, according to Delgado. “The combination between [an email address] and a name is enough to start the reconnaissance on someone as a user.”
There’s another risk when you throw in a credit card number and a home address: The hacker can make unauthorized purchases, Delgado notes.
The answer is encryption -- a process that “translates data on your website into a code that renders it useless to anyone who attempts to hack in,” Delgado writes.
But that practice seems to be at the bottom of the list when it comes to safety measures. Password protection is the top one, utilized by 72%. In contrast, encrypted pages are used by 37%.
Delgado writes that “around 40%” have encryption in place. On the positive side, 21% are planning to adopt it this year.
Why are so many sites unprotected in general? Michael Tys, a mobile developer at TechMagic, told Clutch that cumbersome user experiences may explain it.
As for storage, the survey shows that 48% of the respondents store user information on the Web site, 46% on a third-party app and 25% offline.
Delgado recommends that you begin with an audit of the information you’re holding. Do you really need it?
“Although some pieces of information, such as a site visitor’s date of birth, may seem benign, given how commonly we use birthdays in passwords, it may have larger implications,” she writes.
Next, think like a hacker. Delgado lists four questions you should ask yourself. We quote:
What other accounts might ask for these pieces of information?
What does this information reveal about the user’s identity?
What could hackers potentially guess if they obtained this information?
How concerned would I be if a hacker had this piece of information about me?
Finally, choose a tool. There are many encryption products available, including
Which one you choose depends on “your operating system and the amount of information you need to encrypt,” Delgado notes.
Now let’s review the stats. Here are the most collected pieces of data:
Here are the methods used for protecting data: