Back-to-Basics with Borderless Behavior: 3 Industry Experts on the Challenges of Data Privacy Today

Q1: At NeuroID, we often compare our digital behavior to reading physical body language, which is maybe the most basic first-step to assessing someone’s behavior in-person. What other ways does that theme of “back to basics” resonate with you?

Shane: To me, it means making sure we’re doing all the best mitigations to protect the data we collect. There are a lot of obvious things that you often lose sight of when you want to protect data, as you can get caught up on all these new tools. But often it’s the simplest things that provide the best coverage. Part of that is thinking about the data we are collecting: do we really need the data we’ve got—how are we using it, how are we storing it, how are we protecting it, etc. Then, doing that overall assessment of how the business is aligned on data and personal information protection.

At NeuroID, one of the things we do is to help reduce that footprint, and really reduce the sprawl and proliferation of Personally Identifiable Information (PII) when businesses integrate with us. We do not rely on having to extract PII as part of our solution. Businesses are struggling with balancing being smart about what they collect, and NeuroID is a huge part of being smart and making sure you’re doing the right things with private data.

Q2. What are some common misconceptions you’ve run into about privacy and data protection, and how can they be addressed? 

Shane: People often assume that the website or digital business they’re interacting with is doing the right things to protect their data. But when you live in the IT world, you realize it’s a real challenge to protect data. Especially today. It used to be that one business would build the data management internally and own every part of the IT infrastructure. Even though there was risk they could mitigate it and there were lots of standard techniques for protecting data. Now, to build and protect services you’re often leveraging third parties. For example, any data you’re entering to your personal bank is really being proliferated to other environments as well. The onus is on those businesses to do due diligence and make sure everyone is doing the right thing. But the sprawl is the problem: your data is ending up in many more places. You have to be careful and not make assumptions that the right thing is being done at all times. 

Q3: What are some easy things people and businesses can do to better ensure a high-level of privacy for personal data and information?

David: I can boil it down to five things.

1. Passwords. Make sure they’re unique and not easy to guess. It’s good security hygiene to make sure you’re leveraging strong passwords.
2. Multi-factor Authentication: Most providers today have two factor authentication available. Enabling some form of multifactor authentication to protect your online accounts makes it much harder for fraudsters to gain access. 
3. Privacy Settings: You want to make sure you know what’s being disclosed. Look at the privacy settings on any social media account you have, for example. Privacy settings awareness helps you really control what you share with some of these other providers, especially as PII becomes much easier to access through these means.
4. Encryption: Make sure that any sensitive data is encrypted. Most people today think about how to protect their email from being compromised or solely digital world threats. They forget the very “back to basics” threat of hardware vulnerabilities, such as an easily stolen laptop. Encryption on your device ensures that if a fraudster gets ahold of your physical machine it’s essentially useless to them.
5. Awareness: Stay aware of common cybersecurity threats. This is where companies can help employees with training and make sure they’re following best practices, especially with many changing, complex data privacy regulations: GDPR, CCPA, BIPA, etc. There are so many different regulations that continue to be introduced and there’s a lot of complexity there. When you think about how you validate whether an applicant is authentic or not, it’s helpful to leverage a solution like NeuroID to analyze their behavior and determine whether or not they’re a genuine individual without requiring PII to validate their identity, so you don’t have to worry about data privacy regulations.

Q4: What role does technology play in ensuring digital privacy and data protection, and how can new technology be leveraged to improve privacy practices?

Jacky: Building on what David said about the complexity of regulations, enabling a software like NeuroID’s behavioral solutions avoids these privacy regulations around data capturing. These regulations are very complex and can lead to huge fines and consequences. Our behavioral analytics, which don’t capture data, are very helpful for companies when they want to start getting their arms around this fraudulent behavior without data privacy issues. State regulations will increase throughout the nation around biometric and PII capture, and we hear from our customers that it’s very useful to know they can protect the company from fraud without collecting the type of information that’s being regulated. When we talk to our customers, they love our solution because we are giving them a huge amount of protection without having to comply with these huge rules and regulations. NeuroID is a best practice around both improving data privacy and protection, without red tape from regulators or compromising the user experience.