In a recent settlement, the Federal Trade Commission is now requiring ridesharing company Uber to undergo 20 years of privacy and security audits. These requirements come after the FTC accused Uber of not adequately protecting data in 2014, following the company's announcement that it was using God View, a software program to monitor real-time locations of customers and drivers. Uber claimed that its internal policies prohibited employees from accessing consumer or driver data. The company was fined $20,000 by the state of New York after an investigation of how Uber used the software. The settlement from the New York suit required Uber to encrypt rider locations and also adopt multifactor authentication.
The company also suffered another data breach that compromised the names, driver’s license numbers, and Social Security Numbers of over 100,000 Uber drivers. This data was stored in a datastore operated by Amazon Web Services. The customer data was also unencrypted. The FTC says that the system Uber used was not designed or staffed properly to handle ongoing review of employee access to customer and driver data. The FTC’s investigation did not delve into Uber’s use of “Greyball,” a software tool used to avoid the enforcement of local taxi laws.
According to the FTC, Uber misled consumers by saying it closely monitored employee access to customer data and secured the personal information that was stored on third-party servers. The FTC also said that Uber failed to use adequate and recommended security practices like multifactor authentication, which would have prevented driver information from leaking. Because consumers are becoming more concerned about their data security, below are five tips for companies that want to protect their customers’ confidential data from unfettered access:
1. Limit user access: One way that Uber could have avoided the investigation from the FTC is by using endpoint management software to monitor and limit employee access to data. Companies should prevent lower-level employees from accessing sensitive data. They should also prevent most employees from having free access to customer data, especially if the employees are untrained in cybersecurity safety.
2. Monitor networks: Companies that store customer data should regularly monitor their networks for unauthorized access. Regular monitoring will reveal if an employee is compromising customer data or using it for suspicious purposes. Continuous network monitoring will also reveal unauthorized software. Employees might inadvertently download third-party software that could actually be malware. By monitoring for unauthorized third-party software, companies can prevent malware from going unnoticed on their networks.
3. Conduct audits: Companies should conduct audits to uncover vulnerabilities in their networks. Security gaps that go unnoticed can be easy ways for hackers to infiltrate a network and steal customer data. By conducting audits to find vulnerabilities, companies can quickly patch up security gaps before a hacker has the chance to exploit them.
4. Encrypt data: If Uber had encrypted customer data, they could have stopped it from becoming compromised. Encryption provides another layer of security that can prevent data from falling into the wrong hands.
5. Use multifactor authentication: Passwords can be deciphered by algorithms, but multifactor authentication gives users an additional way to verify their login credentials. By requiring multifactor authentication, companies can prevent data from being compromised through stolen login information.
Endpoint management software can help organizations monitor unauthorized access on company networks. With strong endpoint security software, companies can keep track of the consumer data their employees are accessing, and block employees from accessing confidential information. Companies can keep their customers’ data secure and uncompromised through the use of Endpoint Security, thus building up trust in the company.