Companies Should Embrace Personal Privacy
If you maintain customer data, somebody wants it.
Customers May Not Yet Appreciate Extra Protection
- Greed – Multi-million dollar fines
- Fear – Devastating repercussions of data misuse
- Altruism – Desire to protect customers
- Envy – Prevent competitors from having advantage
- Pride – European customer approval
- Shame — Castigation for non-compliance
- Need — Responsibility to protect data
Many companies have poured tremendous resources into compliance. Others must change their entire business model or retool software. Whether the reaction to GDPR stimulates or cripples the economy is yet to be seen. But it is something long overdue.
Video: How data brokers sell your identity
You Are A Target For Attack
If you maintain customer data, somebody wants it, and the more information you have about each one, the better. The primary method in the past was to sell databases. Today, participation in social media or use of apps provides companies with comprehensive profiles of user likes and contact information. While some of these acquisitions of personal data are quite sophisticated, other threats amount to old-school hacking:
- Multiple human/mechanical login attempts
- Outdated hardware and operating systems
- Sign up for newsletter to gain host email
- Attempt to hack online customer lists
- Deploy [ro]bots to scavenge emails from Web pages
GDPR is a two-edged sword: Better data security thwarts breaches. But some hackers take on increased security as a challenge; others target companies that fail to update infrastructure.
ClinicalPosters.com began migrating to a more secure e-commerce platform in December of 2017, with an official launch in January 2018. Reformatting all the content is a lengthy process, so prior data was archived at ClinicalPosters.net. Then suggestions from the article entitled “Will Companies ‘Brexit’ EU Over GDPR?” were applied.
ClinicalPosters.net: This is an archive that is progressively being dismantled:
- Site placed behind firewall
- Enabled site-wide SSL encryption
- Shopping cart disabled (.net)
- European Union access blocked
- Customers’ names and contact info removed
- Hotlinking images disabled
- Key pages redirect to ClinicalPosters.com
- Suspicious activity monitored 24/7
Even if it were possible to breach the firewall, there is no private data of any value there. Disablement of hotlinking prevents new images from being added to Google or Pinterest from the archive site (inverse SEO). Access is denied an average of 15,000 times per month on ClinicalPosters.net.
ClinicalPosters.com: For added data security on ClinicalPosters.com, multiple firewalls are used. No threats have been able to penetrate the first level. Robotic access detection has been enabled. Abnormal login and contact-form use triggers a human challenge. Due to past abuse, the contact form page scans the visitor’s browser to detect a robot before allowing access. Essentially, there is a firewall around the contact form to protect data. Malicious attacks are thwarted about 1000 times per month on ClinicalPosters.com.
To better manage versions of photos, the hosting platform scales images to appropriate resolutions on the fly. This technique allows only 10 percent of overall content to benefit from content delivery network (CDN) caching. But combined with other techniques, pages are delivered an average of 40 percent faster.
Speed boost details
Suppose our host is in New York City and you are located in Seattle. East coast visitors enjoy much faster delivery of content than west coast visitors. Moving a few megabytes of data 3000 miles takes a couple of seconds longer. ClinicalPosters has activated a CDN. This stores static page elements in different regions so they arrive more quickly when requested.
One of the largest bottlenecks comes from pages with many images. Often, there is a desire to have large representative product photos. It is possible to scale these down to form a grid on a shopping page without reducing the resolution. This adds up to a significant amount of sluggish data. A better option is to create smaller low-resolution versions of the main images. Then, you need to keep track of two versions. Each instance of an image at a different size requires another version.
Browser cookies can be a good thing on a trusted site. They help identify your preferences and allow site owners to see how frequently pages are visited so navigation may be improved. Most cookies are sessional, meaning they expire when your session is done. Out of an abundance of caution, European visitors must enable cookies to enhance their browsing.
- Cart Harmony — Ongoing evaluation
- Social media login — Removed
- Simplified mobile checkout tool — Removed
- Admin order editing — Replaced with customer edit
Without revealing all security measures, we want customers to rest assured that there are failsafes in place to protect personal data. So for all the headache GDPR has caused, companies like ClinicalPosters can feel thankful for the motivation to increase security.