Facebook’s recent data scandal has put the social media giant in the spotlight, but for all the wrong reasons. The company which was seeing a steady growth in terms of revenue and market share has lost more than $70 billion in 10 days which is ironically more than Goldman Sach’s market cap. Everyone’s talking about it – millions of posts, tweets, social media campaigns against Facebook and all that uninvited attention that Facebook has received over the past few days have brought us all to a halt with a question to ponder – Is my data safe?
What was the scandal about?
For beginners, the Facebook Scandal, as it is called all over, started when a political firm researcher was able to acquire personal data of 50 million users which was entrusted with Facebook. Not talking about the political angle involved in this whole controversy, let’s try to understand how the data was exposed and used for political gains. Aleksandr Kogan, a Russian American who worked at the University of Cambridge built a quiz app which captured the data of those who attempted the quiz and ironically, it also captured the data of those who were friends with the quiz players. Now that Facebook prohibits selling of data captured in such ways, the political firm sold it anyway thus resulting in one of the worst data scams that have cost billions of dollars for the tech giant.
Let’s try to understand why everyone is blaming Facebook than the political firm involved. It is because of the vulnerable data security practices observed, where a third party app developer was able to acquire data from millions of users and was able to sell it to Cambridge Analytica.
This has certainly fuelled a debate on whether money or political gains can take control over data security, also drawing a lot of attention towards major firms who handle user data. Sandy Parakilas, who worked on the privacy side at Facebook, told The New York Times, “The people whose job is to protect the user always are fighting an uphill battle against the people whose job is to make money for the company,”
Image Source: https://www.vox.com/policy-and-politics/2018/3/23/17151916/facebook-cambridge-analytica-trump-diagram
Data Security/Data Protection, a real concern:
Data has become an unassailable asset for any organization. That being said, data protection has evolved a lot and is being taken seriously by almost all the firms across the globe for obvious reasons. There are multiple reasons to spend money, time and effort on data protection. The foremost one is minimizing financial loss, followed by regulatory compliance, maintaining high levels of productivity, and meeting customer expectations. Whatever the type of business, if any third party is easily able to have their hands on the critical data of an organization, then the results can be devastating in terms of revenue and reputation.
According to researchers, the most important reason for an organization to implement data protection strategies is fear of financial loss. Loss of critical data can lead to direct financial losses, such as lost sales, fines, or monetary judgments. Additionally, it can result in indirect losses like a drop in investor confidence or customers moving towards competitors. Apparently, there are other negative results which may arise in future thus resulting in a damage which can be irreparable.
Another important business reason for data protection is the stricter regulations announced by various governments across the world, the recent being GDPR. Businesses can face dire consequences for noncompliance and in worst cases, some countries hold company executives criminally liable for failure to comply with laws regarding customer data. These regulations often define what information must be retained, for how long, and under what conditions. The other laws are designed in such a way that they ensure the privacy of the information contained in documents, files, and databases. Loss of critical communications and data can be taken as a violation of these regulations and may subject the organization to pre-defined fines and legal action.
Image Source: http://www.consilium.europa.eu/en/infographics/data-protection-regulation-infographics/
In an increasingly global economy, a business is expected to be vigilant all the time catering to the needs of their customers, 24/7/365. All types of businesses—including healthcare, financial, manufacturing, and service—operate around the clock, or at least their computer systems do. Even if humans are not present, machines are designed to record data, take orders, manage financial transactions. The inability of a business to operate because of a data loss, even a temporary one, is driving many businesses to deploy extensive data protection schemes.
Threats to data security and what can organizations do about it?
There are different threats to computer systems and the data stored on them. These threats increased considerably when computers started to be networked but with the Internet, they have become one of the most important considerations in managing a computer system.
- Hacking – Unless they are protected, systems are vulnerable to anyone who wants to edit, copy or delete files without the owner’s permission. Individuals indulging in such activities are usually called hackers
- Malware, short for malicious software, is software designed to gain access to a computer system without the owner’s consent. Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs
- Ransomware, a subset of Malware has gained a lot of attention due to various ransomware attacks across countries, the recent being. Here, the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions on how to recover from the attack. Payment is often demanded in a virtual currency, such as bitcoin so that the cybercriminal’s identity isn’t known
- Other forms like Viruses, Worms, Trojan Horses, Spyware, Adware, Crimeware, Phishing etc
While individuals handling critical data can be trained and educated about data security best practices, organizations must do more to ensure that the user data is protected. One such way is having Vembu’s End-to-End Encryption where the backup data is compressed and encrypted during the transmission process, over WAN from the client to the Vembu BDR server. Using the latest AES 256 Encryption algorithm, Vembu protects all your VM backups, Image level backups, and Network backups.
Data will continue to grow in the coming years and even if technology comes with the best ways to protect the data, there will still be threats and organizations need to have a comprehensive data protection solution to ensure that they do not lose their business because of data loss. Facebook’s recent case tells us all an important thing – even a single email id of a customer needs to be protected and cannot be vulnerable. If not, businesses need to be ready for the consequences that follow.
Experience modern data protection with this latest Vembu BDR Suite v.3.9.0 FREE edition. Try the 30 days free trial here: https://www.vembu.com/vembu-bdr-suite-download/