Working in ad-tech makes me more security aware

Unsurprisingly, leading the marketing group in a company operating in the advertising technology space makes me a better marketer. But, unexpectedly this time, since joining Creatopy I’ve got quite a few security-related insights, especially around the topic of data protection and data privacy.

For good reasons, there is a lot of noise about cyber threats, about people and groups that illegally access personal data to reach a variety of goals – from politically motivated cyber-attacks to pure profit. Individuals and organizations should strive toward protecting their digital assets against these scenarios.

But chances are personal data is legally used for purposes in most cases users are not aware of. In recent months I became much more sensitive regarding the data that is NOT exfiltrated from us but it’s actually given away willingly or unknowingly.

So, why did working in ad-tech help me to increase my security awareness? This is due to most of the “gave away” data being used for profiling and targeted advertising. This use case is today under heavy fire because of the tightening legislation and better user awareness. But fortunately, this is in general a safe scenario and there is a reasonable degree of transparency for the user.

The problem appears when the internet user is NOT aware of what data is given away and to whom. Let me give you two examples.

Consumer grade surveillance cameras with cloud recording are becoming increasingly popular. They are very convenient and provide quick remote access to live video streams. Recordings are also easy to check. But… not only for the owner. Amazon recently admitted providing access to Ring’s recording to police. While this is legal, are all Ring users comfortable with this undisclosed access to recordings?

Second example: Your phone knows more about you than your mother does. Some applications request a long list of access rights and most users, in a rush or unaware, are accepting it. Should anyone (exaggerating a little) know when I’m leaving home and my typical way to work? Or should all your followers know your morning running routine? Do you even (personally) know all your followers? I suppose not.

This list can go on for very long, but more examples are not as important as the principle. For me, working with sensitive data made me much more aware of privacy issues. Am I suggesting stopping the use of digital services, apps, or gadgets? No, I don’t even think it’s possible in our interconnected world. But awareness and responsibility are essential. Taking time to read before accepting the Terms of use or acquiring a product is somehow costly, but it is our responsibility to verify before entrusting our data to anyone. The consequences of being careless with sensitive data can be very damaging. Regulations protect us to some extent, but once given away, the real control over data is gone.