Express User privacy naked Ben: How to do a large data protection?

The concept of large data is in the ascendant, the user's name, mobile phone number, address, etc. become the most basic component of large data. With the development of electronic commerce and internet finance, enterprises can collect these users ' information more quickly and comprehensively, and store and analyze the data so as to realize commercial purpose. But data security is often ignored by some enterprises. As a result of the development of the electric industry to bring the rapid advance of the express industries, which makes the express company to become the internet giant after the user has the largest number of personal real information role. However, in the current domestic express industry, it is clear that data security is not enough attention. Large data is a double-edged sword, with good can improve efficiency, if the criminals use, the consequences are unimaginable ...

Express industry "chaos" throughout the current express industry, in addition to the "four to one" and Fung, the region is also scattered tens of thousands of large and small express companies, these companies are highly irregular management, user information is in this flawed network "naked". It is understood that in the distribution of orders, user information is clearly synchronized to the company's computer, and this part of the data can be stored for a long time. On the other hand, the return of order distribution (display user information) is also concentrated in the joining company. and the Electric Business website cooperation, is also similar pattern, the electricity merchant's data and the express Company share. In fact, some large express companies have regulations, the face of a single time to focus on the destruction of the computer data will be regularly cleaned, but in practice, these provisions are difficult to bind. For example, this data is in a computer hard drive, a courier can be transferred at any time. There are also problems in the delivery of single processing, as a result of tens of thousands of copies a year paper express single difficult to store, some do waste paper to sell, some more directly sold to "customers", they are mainly sold to some shop owners, or some of the big retail enterprises, shopkeepers and enterprises to get this part of the data for marketing, for them, Two or three cents a single face price is acceptable. And express Company also by the way "waste" use, increase income. Some companies will also require the installation of firewalls, even the security system on the line, but for the express company, this is a great cost. Because the current industry average profit rate is only about 10%, each Express company is just a token to buy some cheap firewall software, as for internet companies commonly used data leak-proof technology, most of the express company will not consider. In the express industry data security protection level is generally poor, such as the site more loopholes, repair is not timely, operational personnel security awareness weak (use weak password) and so on. The main reason for this problem is: because the vast majority of courier companies do not have professional security operations team, or even the site do not have basic security protection, and some express company website simply entrusted to the outsourcing company operations. This makes the website flaw long-term not to be repaired, for example the security company many times early warning Struts2 code execution and so on high risk flaw, still has the express company website not to carry on the repair. In addition, the weak password problem in the Express industry is also very prominent in the recent exposure of the express industry data leakage incident, the criminal suspect is to use a weak password into the courier company Web server management backstage, thereby stealing the user database. Backward security technology configuration, as well as irregular management system, making the express industry in recent years the user information leakage of the hardest hit, online is very easy to be hacked. The "Big data" concern, according to statistics, in addition to the express industry, domestic health, education and training, tourism hotels, Living real estate, recruitment and other industries, such as network security problems are particularly serious, these industry sites have loopholes and was implanted in the back door ratio are relatively high, but also the target of hackers focus on attacks. Because the above industry's user data involves a lot of personal privacy information, such as health status, resume, contact information, travel records, etc., once the hacker attackHit, the harm of data leakage is no less than express data leakage incident, and the previous exposure of 20 million hotel opening records have sounded the alarm. Not so long ago, a city's health-care website was found to be a high-risk loophole in a white hat, with 1.5 million of maternal information running naked on the internet, which could be hijacked by hackers at any time. Users through a variety of accounts log on the Internet, there are many links will leave traces, and to provide easy access to hackers. When you first log in through a browser, if the cache is not cleared in time, the hacker can easily access the data, and then data transmission, if not encrypted, the information will also be intercepted, the last step of storage, many enterprises are plaintext (unencrypted) storage, as long as the hacker breached, easy access to data. Most of the domestic enterprises still use the traditional network security management methods: Technology through the firewall, encryption and other technologies to prevent, at the same time, the pyramid structure to set permissions, through the management system to prevent, and in the network environment and physical environment on the large data business isolation. Convenience and security the contradictions will continue. However, in some information, there are already provisions to prohibit the Web site record user information. For example, UnionPay for credit card network payment has regulations, the website prohibits record user's credit card password, validity period and CVV code (credit card authentication code). But whether this ban on records can be extended to the whole industry is hard to say, such as in the field of electricity, prohibit the platform to record the user's consumption trajectory, will inevitably cause the platform side rebound. One side is the continuous concentration of data, the application of large data gradually landing, while the more and more data disclosure cases. So want to fundamentally solve this problem, in personal protection consciousness, network security protection technology and industry management system above still need to improve.