Facebook recently has been at the center of a media controversy as allegations have surfaced that Cambridge Analytica inappropriately obtained data from around 50 million Facebook users, used this data to influence the 2016 presidential election, and failed to delete the data upon Facebook’s request.
The data controversy is not a case of hacking, though. Instead, it seems the London-based political consulting firm worked with an app developer, researcher Aleksandr Kogan of Cambridge University, to extract the data for its own purposes. At the time, the app developer was allowed to access the data, but the issue is that he was not allowed to sell or share that data.
When journalists uncovered that Kogan had shared the data he collected with Cambridge Analytica, Facebook banned Kogan’s app from the platform. It also required Kogan and Cambridge Analytica to formally certify that they had deleted all of the data from their systems.
More recently, journalists again uncovered data misuse, claiming that Cambridge Analytica had not deleted the data. Facebook has banned Cambridge Analytica from using any of its services and is conducting an investigation.
“This was a breach of trust between Kogan, Cambridge Analytica and Facebook,” said Facebook CEO Mark Zuckerburg in a March 21 post on the social media platform. “But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.” In his post, Zuckerburg pledged to conduct a full audit of the Facebook user data collected by third-party apps, break ties with any groups that have violated Facebook’s data-sharing agreement, reduce the amount and type of information these apps will have access to in the future, and educate Facebook users about protecting their data by adjusting app permissions.
A blow to the brand
In spite of this response, the news of the data controversy has been a blow to the Facebook brand. Facebook’s stock price dropped more than 13 percent to $160 within a week of the news, according to CNBC . The social media company lost approximately $75 billion in market value in the period. By comparison, in the same week, Twitter’s share price jumped 5 percent, CNBC reports.
The data controversy also has led to a call for users and companies to delete their Facebook accounts. The hashtag #deletefacebook has been trending on Twitter, backed by the endorsements of celebrities and business leaders. Elon Musk announced via Twitter that the SpaceX and Tesla Facebook pages have been deleted.
There also are some legal ramifications surfacing for both Facebook and Cambridge Analytica. The Federal Trade Commission is investigating Facebook’s privacy practices, and a coalition of 37 states and territories is demanding more information from Facebook about its business practices, according to Business Insider . In addition, Illinois’ Cook County is suing Cambridge Analytica for fraud and deceptive practices and is accusing Facebook of allowing the practices, according to ABC 7 News Chicago . Individual users also are starting private and class-action lawsuits against the companies.
Protect your company from external risks
If your company shares data with any third-party partners, it too is at risk for a data controversy like this. Although your company may go to great lengths to guard its data, if your third-party partner does not share the same commitment to data security, the information may be misused or shared with unauthorized parties.
A similar risk exists for cyberattacks. Although your company may continuously update its network security, if your partner does not do the same, you could still have a hole in your network. If your and your partner’s networks are connected, a hacker can access your partner’s network and then navigate into yours. In addition, if your company’s data is stored on your partner’s network, hackers can just access your data there.
The damage will not be limited to compromised data, though. Even if the cyberattack or data issue originated with your partner, your customers will still associate your company with the damage, tainting your brand image.
Trustwave estimates that more than two-thirds of data breaches happen through a third-party vendor. In spite of this, only 2 percent of IT and security executives are making third-party access a top cybersecurity priority, according to a survey by Soha Systems .
Stay one step ahead of the game by reevaluating your third-party data-sharing methods. David Wagner, president and CEO of Zix, wrote an article on Business.com that offers three strategies for protecting your company from this cybersecurity vulnerability:
1. Vet vendors based on security standards.
Before partnering with a third party, find out what types of cybersecurity systems and protocols it has in place, Wagner advises. In addition, if that vendor will be storing your data or will be directly connected to your network, ensure that its employees will abide by your cybersecurity policies.Similarly, before choosing an online collaboration platform, make sure the solution offers an adequate level of security.
2. Conduct ongoing audits of vendors’ systems.
Be sure to frequently check in on your vendors’ systems to ensure that their IT teams are updating their cybersecurity infrastructures and that their cybersecurity protocols meet your requirements. Wagner suggests making an audit a condition of contract renewal.
3. Implement user-friendly, collaborative cybersecurity solutions.
If your company emails sensitive data, opt for an email platform that automatically encrypts emails. However, ensure that sending and accessing emails will still be quick and easy, otherwise workers may be tempted to skirt the system and use an easier but less secure platform.