Best practice to keep your trade secrets private: avoid Password Managers

  • By Paul Rubell
  • 17 Apr, 2017

Information is the currency of 2017. For this reason it is mission-critical to keep data currency safe, secure and private. Just as gold bricks should be stored in a physical safe, data needs to be kept secret electronically.

Passwords are the key to enter the digital vault. Strong passwords are designed to thwart hacking attacks but their drawback is that they can be difficult to remember. A weak password such as “123456” can be memorized, but a more clever password like “A1@b2*C3(d)Zx4#” can be readily forgotten. And when numerous passwords are deployed to protect data further, the problem is exacerbated. There are many ways to keep track of passwords. Although no single method is fool-proof, some techniques are more iron-clad than others.

In order to achieve data privacy, software developers urge their customers to purchase password manager applications. Some apps store passwords in the cloud on a remote web server; others host the electronic keys locally on a mobile or desktop device. In addition, some apps generate complex passwords using mathematical algorithms and store them in a data capsule. No matter how an app’s technology functions, the unifying theme is to secure all points of entry to electronic information in a single place. Experts urge us to use password manager applications for this reason. By the way, it does not matter whether an app is free of charge or not. What really matters is the app’s functionality and security.

As a result, many people download password managers for their Android phones such as LastPass, Keeper, 1Password, My Passwords, Dashlane Password Manager, Informaticore Password Manager, F-Secure KEY, Keepsafe, and Avast Passwords. Each of these popular apps has been downloaded from the Google Play store between 100,000 and 50 million times. What a relief to know that one’s data currency is secured and encrypted.

Unfortunately, their security is just vaporware. On February 28, 2017, a group of German security experts issued a report showing that all nine of these apps contain vulnerabilities that make them susceptible to compromise by hackers. In some cases the master key that locks the cryptic safe is stored in plain text, visible to the naked eye, let alone to a computer. In other cases features that have been designed to make the apps user-friendly, such as auto-fill, are themselves insecure. To make this point crystal clear: the software developers shipped their apps with vulnerabilities built in.

Relying on an app in the cloud to keep a company’s trade secrets private is irresponsible. If you need a financial incentive to protect your company’s golden eggs, you should be aware that some cyberliability insurance policies exclude data breaches from insurance coverage if the breach might be related to the company’s use of insecure software applications such as password managers. It is incumbent upon each of us to design protocols and corporate policies that maintain the integrity as well as the privacy of the gate-keepers to our most important and vulnerable trade secrets.

Caveat emptor. Let the buyer beware. Best practice demands more from each of us than downloading apps from that “iCandy Store in the Cloud.” The Google Play store is insecure, as are the password manager apps that are available for download there. After decades of building your business, it is reckless for you to rely blindly on public software to protect your golden goose. Your company does not want to litigate and you do not want to lose a shareholder derivative lawsuit claiming that you breached your fiduciary duty by failing to secure information.

Take due care and exercise due caution. Get expert advice. Purchase cyberliability insurance. Develop best practices. Build a digital Fort Knox to keep safe your business’ trade secrets.
