May 29, 2020

How Do I Protect My User’s Data in Transit?

Imagine you are transferring a simple Excel spreadsheet to your co-worker.

Even if your company has a tough security policy at the office, all of your security controls go out the window as soon as it leaves your company’s server.

Data - such as that Excel file - is transmitted over networks in hundreds or thousands of small “packets”. Packets are tiny chunks of data that are broken apart, sent, and then reassembled when they reach their destination.

Think of a transporter from Star Trek. It breaks a human into a billion particles, then reassembles the particles down on the planet surface.

Files Go Everywhere (Before Going Where You Want)

You want to send a file to your friend in the next room. And your computer is connected to her computer by a single network wire. There is nothing between you and your friend. It’s a direct connection.

In this scenario, there is no possible way for the data to be intercepted.

Now, imagine that you remove that wire. Instead, you both connect to your home router. What's now between you and your friend is one router. We call this a “hop”. Before getting to your friend, the data has to make one hop through the router.

It’s no longer a direct connection.

If a malicious thief wanted to steal your data, they could hack into your router and intercept the  data before sending it along to your friend. It could be invisible.  Since your friend still received the file, you wouldn’t know anything happened along the way.

Your Internet Provider Hops a Lot

Now let’s go wider, and outside of your house.

You’re in your Texas office one day, overseeing your company “CattleProds.net”.

Your supplier in China - who makes the cattle prods - is willing to drop-ship customer orders directly to their doors.  This is great!  It saves you the trouble of packaging and mailing them to your customer yourself.  What a relief.

All you have to do is send your customer’s details to the supplier every time there is an order.

So the next time you get an order, you email a file with the customer’s name, address, phone number and (gasp!) credit card number to your supplier.

The file is broken into pieces (“packets”) and has to hop through dozens or even hundreds of routers before getting to your supplier overseas:

  • First to your ISP;
  • Then to a regional network hub;
  • To a national network traffic hub;
  • Then, the undersea Asia-America gateway - a 20,000 k/m wire that connects the US and Asia;
  • Next to a Chinese traffic network;
  • A local city network in the Chinese city;
  • To your customer’s ISP;
  • Their company’s router…

AND FINALLY,

  • To their desktop computer.

That’s the most direct, simplest path it can take, and in reality it may bounce around to 100 locations in the US or China trying to find the fastest route to the Asia-America gateway and back.

Every Packet, Every Time

And here’s what makes this exponentially worse.

It’s not just one file hopping around. Every single packet has to make this journey. Thousands of tiny pieces of your file, all vulnerable to attack and all trying to reach China.

Sometimes they go the same way.  Sometimes the packets will hop to completely different paths. Some might use the US-European cable to get to China instead, or skip wires altogether and go via satellite.

And EVERY SINGLE TIME a packet “hops” through an ISP, a satellite, or changes directions on its journey across the ocean - the data could be intercepted and stolen.

If you send your file without encryption, it is open for any server in the chain to not only read the messages while handling the data packet movements, but also to read the forwarding IP information.

The solution is to encrypt all data before sending it. Data encryption provides the highest level of security for data in transit.

Encryption Requirements for GDPR and CCPA

The GDPR recommends that organizations incorporate encryption techniques to protect customer’s data, and to minimize the risks arising from data breaches.

In the California Consumer Privacy Act, there is no mention of data encryption methods or any suggestion for best practices.  However, that doesn’t mean you’re off the hoop. Even though the CCPA doesn’t suggest any methods, you’ll still be liable if the data is breached.

A breach could cost as little as $750 per incident and even more if there are actual damages incurred by a customer: for example, if someone’s identity is stolen and used for fraud, and your company was the cause of this identity theft.

If there ever is a breach, you are less likely to face fines and penalties if you can show that you took reasonable steps to protect your users.


Become GDPR & CCPA Compliant without paying thousands.

Works with the latest Wordpress version 5.4.

Includes opt-in modal to ensure compliance.

Destroys all 3rd-party trackers when visitors opt-out.

19 USD per month
INSTALL NOW

Sign up for exclusive Privacy Tips

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.