Is it Safe to Assume That…?
A common phrase often makes me cringe: “Is it safe to assume that…?” The answer is… rarely. Specific questions like “Is the sky blue?” can safely be answered with a simple yes. But even then, if you do a little research, you’ll find that the precise answer is often more technical and nuanced than a simple yes or no.
When it comes to information security and privacy, assumptions can be more than just risky—they can be downright dangerous. That’s why security practitioners explore concepts like zero trust, least privilege, and risk management. In the context of data security, you should never assume anything. The potential consequences of such assumptions can be severe, highlighting the need for a proactive and comprehensive approach to data security.
In a 2022 ruling by the United States District Court of California, The Federal Trade Commission (plaintiff) brought charges against a data technology Company (the defendant) for unfair and deceptive marketing practices directed at consumers seeking loans. The court found the “Company” liable, and the verdict was in favor of the FTC’s complaint, citing that:
[The defendant] “has no program for investigating whether sensitive consumer information it furnishes to potential purchasers is safeguarded or used for purposes other than offering a loan. For example, “seeding” data by adding unique dummy data is a common technique to detect leaks or breaches in data security, and to monitor how data is being used. [The defendant] has the capability to “seed” the consumer information it distributes. Nonetheless, [the defendant] has not implemented a program to regularly seed leads to test for security breaches, or to detect how leads are being used by their direct and indirect recipients.”
The reality is, even the most security-conscious companies are often burdened with a manual and laborious process of ‘seeding contacts’ to detect data breaches, vet data partners, and maintain compliance. This process involves spreadsheets, tedious tasks, and even the use of personal contact records or, in the worst cases, real consumer records. The inefficiency and potential risk of this approach can be significantly reduced with a more automated and streamlined solution. This solution is honey tokens, otherwise known as Assumed Seeds.
Good companies are already seeding their contact databases or honey pots to monitor for data breaches and maintain compliance with various regulations. These companies often rely on managed security service providers (MSSPs) or consultants to help them audit, test, validate and perform activities such as data mapping and leak detection. A solution like Assumed Seeds can help these businesses – companies large and small, MSSPs, and consultants – become more efficient in the process.
With Assumed Seeds, you can automate your processes and eliminate the manual pains of creating seed contacts. You won’t need to use your own email addresses or phone numbers, or even real consumer data. Assumed Seeds makes it as easy as purchasing artificial contact seeds, planting them where sensitive data is stored, and monitoring your inbox to determine how consumer data is used and shared. This way, you can ensure that these practices comply with your internal policies and the constraints of federal or local regulations.
Find out how Assumed can help you do more – and more efficiently – to protect consumer data, test and audit, and maintain compliance than you ever thought was possible. It’s safe to assume that Assumed Seeds can positively impact your security posture and help you navigate the complexities of data protection to benefit your business and consumers alike.