One year on: What have we learned from the Facebook data breach scandal?

In September 2018, Facebook hit the headlines after announcing that millions of users’ data had been leaked or sold on to third parties as part of a political tactic. ‘Sleazy’, ‘psychological’ and ‘manipulation’ are words that have been used to describe the data breach, which you may know as the ‘Cambridge Analytica data scandal’. The matter of online data privacy is still very much a hot topic today. Here’s a recap of what brought it to the surface last year…

In the run-up to the 2016 U.S. Presidential Election, British political consulting firm Cambridge Analytica was hired by Donald Trump’s campaign officials to micro-target US voters. This was done by collecting information such as users’ likes and interests through Facebook and then communicating tailored messages about the Republican candidate across digital platforms. It’s argued that this tactic largely influenced the vote and helped Trump win. A former Cambridge Analytica employee claims that the same tactic was also used to alter the outcome of the Brexit campaign.

However, the primary problem lies in the fact that data was illegally sold on to Cambridge Analytica. Facebook protest that they are not directly responsible for selling the data to Cambridge Analytica and that, instead, the platform was hacked by a third party. Facebook are, however, responsible for not properly securing the social media platform and failing to monitor it. So, one year on, what have we learned from this headline-hitting data breach?

Manage and monitor third parties

Ultimately, the issue came down to poor security. Some suggest that Facebook could have prevented the hacking and data breach if they had managed and monitored third-party vendors better. Building third-party relationships may sound appealing, as they can indeed help support businesses; however, this does require granting them access to confidential data, which immediately heightens the risk of breaches. Therefore, a certain level of trust is essential before involving third parties.

In Facebook’s case, the social media platform had allowed a third-party app to design a personality quiz that gathered users’ personal data. The data was then sold to Cambridge Analytica as a result of Facebook poorly monitoring the app’s underlying intentions.

One major lesson other organisations can take from this is to heighten the security and monitoring of third-party involvement. This can be done by:

  • Developing a plan that outlines clear roles and responsibilities with regard to who secures documents from third-party vendors.
  • Keeping up with ongoing monitoring procedures to ensure that third parties are maintaining agreements.
  • Carrying out thorough checks of the risks associated with the activities that third parties will be involved in.

Facebook is now establishing a “comprehensive privacy programme” and will have third-party audits conducted every two years for the next 20 years to confirm the programme is effective.

Secure data with the cloud

The popularity of cloud computing is certainly growing, as almost 42% of companies in the UK used some form of cloud service in 2018 – an 18% increase since 2014, according to Eurostat. However, for those who are not making use of cloud computing, data may be at a higher risk of breach.

Businesses of all shapes and sizes should consider moving to a cloud platform. Cloud services are an effective way to strengthen cyber security as their services can offer back-up solutions, data encryption, advanced firewalls and on-demand support.

But still, not all organisations are properly securing data with cloud platforms. Facebook itself is a cloud platform that was hacked for no other reason than a failure to manage access. Fortunately, there are sophisticated security tools that can help better protect data in the cloud.

Data breaches can hugely impact business

Finally, failing to prevent a data breach can have a detrimental effect on businesses. No business intends to leak its customers’ data, but ultimately, they are the ones to blame in the case of a data breach, making cyber security and data privacy more important than ever. In particular, with the implementation of the GDPR in May 2018, the matter is high on the agenda for all businesses to ensure compliance and avoid damaging fines.

A breach of data equals a breach of trust. When a customer’s trust is lost, so is business. Not only did Facebook have to pay a record £4 billion penalty issued by the Federal Trade Commission in the US, but a million users also left the platform in just three months, likely due to loss of trust. This trend shows no signs of slowing down, with many digital platforms losing users over data transparency issues.

If data privacy isn’t high on your business’s agenda, it certainly should be. Customers are increasingly demanding higher levels of data control, transparency and flexibility, and firms that don’t offer solutions to this may be left behind.

Hackers are smart. But we are smarter. Blue Rock takes a proactive approach to cyber security, identifying and resolving weak spots before the hackers do. We can equip your team with the tools and training necessary to ensure your business is fully protected against modern-day cyber criminals.

If you are concerned about data breaches, do not hesitate to get in touch with Blue Rock today to discuss how we can help secure your organisation’s sensitive data.