3 lessons you can learn from the latest data scandals

Data breaches such as the Facebook-Cambridge Analytica scandal serve to teach businesses some fundamental lessons when it comes to the security of personal data.
25 May 2018

Unless you’ve been living under a rock for the past couple of months, you are likely to have heard of Facebook’s recent data scandal.

The data “mishap” involved the leaking of over 50 million user accounts by consulting firm Cambridge Analytica, in which the data was mined in order to accrue insights for political purposes.

As a result, Facebook has received a great deal of backlash, resulting in a loss of over US$70 billion just ten days after the critical event occurred. The social media giant’s data practices are currently under intense scrutiny, with many parties taking legal action against the company.

But there are lessons from Facebook’s data privacy scandal that all companies can take on board. Here are three of them:

1. Third-party monitoring is critical

Cambridge Analytica took the Facebook user data via an app that had a fun personality quiz. The issue arose when people who had not directly interacted with the app had their data compromised.

The app also collected information through app users’ friends. Once investigations into Facebook’s privacy practices began, it was soon realized that the company was pretty lax about fully understanding what happened to data once it reached an outside entity like Cambridge Analytica.

Mark Zuckerberg even admitted via a Facebook post (though not until five days after the news had broken) that he was not sure how the blunder had happened.

This highlights the need for companies to have policies in place to regulate and monitor the movement of personal data. Handling, protecting, and controlling the types of access that third-party apps and services have to consumer data is essential to avoiding a data breach.

2. Preparation is key

A big takeaway from the Facebook-Cambridge Analytica scandal is to ensure you are prepared for a crisis. Facebook’s delayed and incomplete response to the scandal sparked outrage in both lawmakers and the public.

Many businesses do not have a sound crisis communication plan in place, but now more than ever, one is needed. Paying attention to reputational risk assessment and crisis response can no longer be just an option for businesses to consider. It is a necessity.

By developing a plan and reviewing it with your team on a monthly basis, you can ensure you are prepared if and when a crisis occurs.

3. More attention to your data security plan is needed

With the Facebook scandal – and the upcoming General Data Protection Regulation (GDPR) legislation in Europe – the spotlight is truly on data security.

It is becoming essential for companies who are dealing with consumer data to implement policies and procedures to safeguard data and prevent unauthorized access.

There are a variety of ways you can do this, such as implementing two-factor authentication to control access, deploying advanced firewalls to protect against hackers, and enlisting the help of white hat hackers to test and assess your company’s security measures.

As well as these technological security measures, employee education should be an essential part of your plan.

A survey conducted by consulting firm EY found that insider breach is one of the highest risk areas, and is also recognized as the fastest growing threat to data.

Therefore, business leaders must make efforts to educate their employees on good data practices, establishing a series of protocols to follow when handling customer data.

The Facebook data scandal has truly heightened people’s concerns regarding the handling of their personal data.

And with the implementation of regulations such as the European Union’s GDPR, it is becoming paramount for companies to ensure compliance with data regulations as well as to strengthen their own security policies. Without doing so, they will ultimately lose the trust of their customers.