With data breaches and cybercrime on the rise, how can ordinary consumers determine which companies can be trusted with their personal data, and which ones can’t?
Here are some factors to look for that indicate user privacy is a top priority:
How big is the company’s security team?
Fairly straightforward, size investment is often a good indicator that a company cares about securing the data of its users. So how can an ordinary person find out how many security personnel are employed by a given company?
Simple: Google it. This information can usually be gleaned by running a simple Google search. Alternatively, consumers may take to LinkedIn and other social media to get an idea of how many people with a certain job title are employed by the company they’re researching.
How does the company respond to consumer tips about potential security threats?
For more tech-savvy consumers, identifying a security vulnerability and sending it in is a great way to evaluate a company’s commitment to data security. Not all that tech-savvy? It’s not against the law to send in a dud (i.e. make up a fake potential security vulnerability to inquire about) just to test the waters.
After the security tip has been submitted, evaluate the following: How does the company respond to being alerted to a potential security concern? Is the response mature? Is it prompt? Does it seem competent? If the answer to any of those three questions is no, it could be a sign that security measures for that company are lacking.
Does the company have a transparent, public-facing “bug bounty?”
Companies that are serious about data security will often offer a monetary reward to anyone who can find and identify glitches, loopholes, or workarounds in their security that could be exploited by hackers.
In general, the higher the bounty, the more difficult it is to find security flaws. For example, the communications giant, Telegram, offers a $200,000 bug bounty to hackers who can help them plug hidden security holes they may have overlooked that could compromise their users’ data. However, the hefty sum offered by the company says: “Good luck finding one!”
Does the company make it easy to report security vulnerabilities?
If an ordinary person cannot easily work out how to report security concerns to a company, that’s a huge red flag that their security isn’t up to par.