At the end of March, Congress voted to overturn privacy rules introduced by the FCC under the previous administration. The FCC’s rules were intended to protect user privacy by controlling what Internet Service Providers could do with user data without the permission of users. ISPs have access to sensitive data and are now able to pass much of that data to third-parties without seeking permission. The removal of the privacy rules was supported by most major ISPs because data is a valuable asset.
Your business’s Internet Service Provider collects a lot of data about how your business uses its networks and the data that flows between it and the internet. The collection of that data isn’t malicious: ISPs need to be able to route data around their networks and onto the open internet in the most efficient way possible. To do that, they need to know about your business’s usage patterns, which domains users within your business connect to, and often the type of data that travels over the network.
Under the previous rules, they were not able to pass that data on to third-parties. Because the rules have been overturned, it’s likely that many ISPs will exploit it for profit. Both companies and their customers are affected. The ISPs have data about how your business connects to the internet, but also about how customers connect to the services and applications you host online.
Is there anything your business can do to protect its private data?
Steadfast wants to clarify that it has never, and will never, sell or give client data to third-parties. We are an infrastructure hosting and managed services provider, and part of our promise to you is that we will protect any data you entrust to us.
But we don’t control the last-mile networks that connect your business and its customers to the internet. Those parts of the network are owned and run by Internet Service Providers.
There are many ways you can help protect the privacy of your business and its customers and employees.
Use SSL / TLS to encrypt data
Sensitive data should be encrypted before it is transmitted over the internet. That includes data that travels between your servers and your users’ browsers, and any connections made by internal or hosted systems to the internet. SSL encryption prevents ISPs and other network operators from seeing the content of connections. All sensitive data should be protected by SSL / TLS encryption.
Use an SSL VPN for sensitive business operations
Although certificate-based encryption of data transmitted between a user and the open internet prevents third-parties from seeing the content of data, they are still able to see where the data is headed — ISPs and network operators need to be able to see domain names and IP addresses to route data to its destination.
To obscure this information, companies can route sensitive data over a virtual private network. With an SSL VPN, all data travels through a secure encrypted tunnel between the client and a VPN node controlled by the company or an infrastructure provider. Third-party networks can see the IP of the VPN node, but they can’t see the final destination of the data or its content.
Virtual private networks can be used to protect internal networks from snooping, and to protect data from external sources, such as employees who need remote access to sensitive networks over the internet.
If you’re worried about how changes in privacy rules will impact your company and its customers, feel free to get in touch with our security experts, who can advise you on a wide range of managed security solutions, including VPNs, data security and encryption, email security, and managed firewalls.