Business owners have started to take cybersecurity issues seriously. They’ve adopted access control, systems backups, password management, antivirus software, employee training against phishing, and various other security measures. But there’s another grave threat to business security that no one talks about. Your Internet Service Provider (ISP) can see everything you do online, including passwords and account details, financial information, and every other kind of confidential business data. And ISPs actively monitor and store the online activity associated with every device and network ID to sell your data to third parties. In this article, we will discuss ISP tracking, and how you can block it.

What’s the point of teaching your employees to guard their online exposure and protect business secrets if your ISP’s actions can expose your business to cyberattacks and data breaches?

What Is ISP Tracking?

ISPs monitor all of their users’ online activities. They keep records of all websites you visit, searches you make, and everything you download. They use cookies and trackers built into your browser and other software, your device’s advertising ID, the unique properties of each device, and people’s IP addresses.  And a few years ago, news broke that some ISPs had even been using “supercookies.”

Supercookies are ISP-created tracking files – impossible to delete – that create an association between the devices you use and your web activities. Supercookies contain Unique Identifier Headers (UIDH) with your device’s identifying information but are stored on the ISP’s servers. You can’t delete ISP UIDH supercookies because they’re not stored on your computer.

In one supercookie case, Verizon was fined a whopping $1.35M, but they’re not the only ISP to have used such sinister methods to track their clients.

Why Is Your ISP Tracking You?

Why are ISPs so desperate to track your activities? Most of the answers revolve around revenue and profit:

• They sell your data to marketing companies:  They openly sell or trade browsing data to data brokers and other companies, making a lot of money. Their privacy policies might promise that they only sell anonymized data, but that’s scant reassurance because it’s a trivial matter to deanonymize browsing logs.  

• They use your data to sell you stuff directly: They use your browsing and search history to insert targeted advertisements into the pages you visit.  And if invasive advertising bothers you, some Internet providers plan to implement privacy premiums. They intend to charge an extra fee if you don’t want to see their ads. The catch is that they only promise to stop advertising to you, not to stop monitoring you. 
• They can redirect users to certain channels or websites to support their preferred business partners. It’s the opposite of freedom of choice because they can hide or promote whatever information they want. 

• They seek to identify specific types of users: For example, they seek to identify people who use P2P technology or are heavy gamers to throttle their speed or bandwidth during peak periods.   
• Government agencies and law enforcement are legally obliged to provide information about your internet activities if served with a subpoena. 

What harm can it do?

The nature of their tracking technology means that ISPs can access very sensitive information, such as login credentials and financial data. Since ISPs are massive targets for hackers, one would expect them to take great measures to secure their data. But are you sure that every ISP employee is incorruptible? Can your ISP guarantee that none of their employees pose an insider threat? How many of the millions of small data breaches that occur daily can be traced back to information sold by ISP employees?

Cyberattacks and data breaches can cost your business a lot of money and cause your customers to lose trust in your company’s ability to protect their data. 

What can you do to avoid ISP tracking?

There are many ways in which a single, average internet user can avoid some of the excessive internet tracking.

• Changing browser privacy settings: You can ask every employee to change the browser settings on every browser of every device they use to access the internet. But it’s unlikely that all your employees will comply, and it won’t protect your business from your ISP’s tracking tools. 

• Using the Tor browser: Tor (also known as the Onion router) offers high privacy. Still, there are better solutions for businesses because it relies on a network of volunteer servers. It’s not intended to serve businesses, and it’s unfair to expect volunteers to carry heavy traffic.

But the only way to escape ISP tracking is to encrypt all your company data when  you connect to the internet. Fortunately, there are some excellent tech tools to accomplish this. 

VPNs block ISP tracking

The only way to protect your company’s inside information from your ISP is by using a VPN. A VPN secures your internet connection when you and all of your employees connect to the internet. It encrypts all the data you intend to send, turning it into an unreadable hash, and then routes the data stream via a private tunnel to a remote server. No one can see what you’re doing online – it hides your data even from your ISP. 

The takeaway

There are many small steps available to help individuals avoid some online surveillance, but it’s impossible to roll out the measures at scale in a business. Moreover, none of the measures are effective against ISP surveillance. The only solution for online business security is a reputable, no-logs VPN or proxy service.