Last fall, Facebook was the target of a data breach that impacted nearly 30 million of its 2.4 billion users. In addition to the data breach, the FTC has been investigating the political consulting firm Cambridge Analytica’s unauthorized access to the data of more than 87 million Facebook users.
The largest social network in the world recently received a hefty fine of $5 billion from the Federal Trade Commission (FTC). And, to top it all off, the Securities and Exchange Commission recently announced charges that Facebook made misleading disclosures about the risk of data misuse, charges that Facebook has agreed to cough up $100 million to settle.
Many people have criticized the $5 billion FTC fine as laughable for a company the size of Facebook, whose annual revenue totaled $55.8 billion in 2018. That said, these fines are meant to cover the losses from the breach and encourage investment in security, not bankrupt anyone. Critics of the FTC fine might be heartened to learn that the $100 million settlement with the SEC is the highest such penalty the agency has ever assessed for this kind of disclosure failure.
So, what can we learn from Facebook’s recent legal struggles?
Failure to Secure Data Can Be Expensive
While we all know that developing a comprehensive security posture can be pricey, nothing is more expensive than failing to secure customer data. In addition to opening up your organization to fines or lawsuits, the loss of customer trust can be hard to overcome.
Facebook has been losing users — 15 million lost users in the last two years. There is a combination of factors at play, of course. Younger users are gravitating toward other platforms while others are logging off for mental health reasons. However, it’s easy to recognize that privacy concerns can keep people from engaging with a platform built on sharing personal information.
Make Security and Privacy Your #1 Goal
To ensure that your organization is one that your customers can trust, make security and data privacy a priority. This may mean taking a close, critical look at your systems and the security posture you have in place today.
Discover and Analyze Your Security Risks
To have a clear picture of your security risks, you need to see your organization’s vulnerabilities from the vantage point of a hacker, rather than from the inside looking out. A self-assessment is a great place to start, but threats can also come from the inside via vendors and island hopping. SecurityScorecard provides self-assessment tools as well as vendor and third-party risk assessment and proactive vulnerability identification.
Prevent Data Loss
Data loss prevention or data leak prevention (both known as DLP) helps keep your data safe by preventing bad actors from transferring it outside of your network or firewall. Having a DLP program, such as Arcserve, can help detect and prevent data breaches, exfiltration, ransomware or unwanted destruction of sensitive data. DLP may also be a necessary part of your security policy to comply with industry regulations. You can use DLP to:
- Protect Personally Identifiable Information (PII)
- Comply with regulations
- Protect critical Intellectual Property
- Achieve data visibility in large organizations
- Secure Bring Your Own Device (BYOD) environments
- Secure remote cloud systems
Most businesses would crumble under fines as hefty as the ones Facebook is facing, so it’s better to avoid being in a vulnerable position. Protecting your data, especially sensitive or personal customer data, is not just good business; it will protect you from regulatory non-compliance and legal liability. Make security your priority and keep your organization safe from legal trouble and avoidable fines.