5 lessons to learn from Facebook’s Recent Scandal

Whoever said there’s no such thing as bad publicity had obviously never heard of Cambridge Analytica.

A tiny, virtually unknown company up until March, Cambridge Analytica was a data mining company that many consider to be responsible for the Brexit “leave” vote and the presidential campaigns of Ted Cruz and Donald Trump. They got their hands on the data of around 87 million Facebook users, which they used to create “psychographic” profiles of voters.

From an IT security perspective, nothing that happened was illegal. Nobody was hacked, no new protection against data breaches is needed, no one broke any laws, and, at the time of this writing, no charges have been filed against anyone.

But that isn’t to say the situation is without consequences.

Cambridge Analytica has since disbanded and the investigation is still ongoing. But in the end, it’s Facebook that is feeling the repercussions here.

What Can We Learn From This?

Facebook is, and remains, a secure platform. When you’re the third most popular website on the internet (Google and YouTube are #1 and 2, respectively), you need to make sure your door locks tightly.

But there’s more to it than that.

Technically, we all agreed to this in Facebook’s terms and conditions. And yes, I know that nobody ever reads the terms and conditions for every digital service they sign up for, but unfortunately that’s not an excuse.

Here are a few lessons you, as an owner of a business that collects user data, can learn from this.

1. Be Honest.

Facebook’s lack of transparency here is an important message for any business. If you’re going to collect data from your users (or clients, customers, etc.), you need to be transparent about what you plan to do with it.

Was Facebook dishonest? That depends on how you look at it.

But in the court of public opinion, the verdict seems to be that dishonesty was the best policy at Facebook. This damaged their relationship with their users – the #deletefacebook movement has been gaining momentum, with 5% of Americans having deleted their Facebook account recently.

For any smaller company, this likely would have destroyed them, but Facebook had an ace up its sleeve – it’s addictive. We all know it, and we’re all hooked. That’s why, even though we really don’t trust Facebook anymore, we still use it.

Your company likely isn’t as addictive, and it likely isn’t where all your friends are gathered every day, so you don’t have that advantage. In 2018 and beyond, any company that collects personal information from its users will have to be very transparent about what it does with it, or risk alienating its user base.


2. Let Your Users Control Their Data.

Facebook is certainly not the only company to collect its users’ data, nor are they the first.

They won’t be the last, either; data collection is an essential part of most businesses, in just about every industry. It helps you gain new insights into what your clients want and how to help them.

But, to paraphrase Spider-Man’s famous Uncle Ben: with great data comes great responsibility.

You have a responsibility to your users about how you use their data, as we talked about in the last point. But you also need to give your users autonomy over their data.

If you collect data, it needs to be with the knowledge of your users. And if you’re considering selling your users’ data, use the following three tips.

1. Don’t.

2. Seriously, don’t. Nobody wants to find out their private information was sold.

3. If you really have to, make sure your users are explicitly aware of the possibility.

3. Take Users’ Privacy Seriously.

It shouldn’t be difficult to keep your private information private.

Facebook was not at all transparent about how one could do this with their service.

Even worse, they offered the veneer of privacy. You could access your “privacy settings” which controlled which users could and couldn’t see your information on Facebook, but it did nothing to stop Facebook itself from collecting bucketloads of data from everything you did.

The fact is that Facebook makes its money from harvesting your data and selling it to advertisers, so on one hand it’s understandable that they would want to be somewhat covert with their privacy settings. But it’s this secrecy that led Facebook to its current PR nightmare in the first place.

When you collect user data, keep it secure, and take that security seriously. You should be entirely transparent about how you keep your users’ data secure.

Contact 1st Secure IT

Worried that what happened with Facebook could happen to your company as well?

Want to keep the next #deletefacebook campaign from being about your organization?

Call 1st Secure IT.

Our team of cyber security experts will help you understand the risks inherent in your current data collection methods, and from there we’ll empower you with the knowledge you need to take your users’ data seriously and avoid a scandal, data breach or other IT security disaster.

Don’t get caught with your pants down. Call 1st Secure IT today, and keep yourself safe in an uncertain digital world.

1st Secure IT

4613 N. University Drive #323
Coral Springs Florida
(866) 735-3369

Monday, 19 August 2019
