This is not yet another post about Facebook’s privacy woes, thanks to British data mining and consulting firm Cambridge Analytica’s lack of ethics and morality. I just want to take this opportunity to highlight the need for better data security, especially by business owners who have customer data on their phones, and might unknowingly be sharing it with these apps and tools.
The serious data safety and privacy breaches resulting from Cambridge Analytica lifting the Facebook data of more than 50 million people by using an app have been covered comprehensively in the media.
So has the fact that Facebook is storing your entire phone contact list and years of messages.
However, as the company itself notes, “Contact importers are fairly common among social apps and services as a way to more easily find the people you want to connect with.”
This is the question that confronts you today. As a business owner who sends confidential messages to clients, employees and business partners, should you be worried about Facebook and other apps and online / mobile tools scraping your data in the name of making it easy for you to connect and network?
Because that’s the root cause of this blatant privacy breach – it’s not a criminal or nefarious attempt by Facebook to get hold of your data and make it available to developers. It’s simply a race to be the best social network that is able to mine as much user data as possible, so that you can better “connect” and “network.”
Now that everybody in the world knows how big an impact your Facebooking can have on your life (and mine), I’d like to #DeleteFacebook. But my customers and competitors are still on Facebook. Besides, the same applies to all these other apps and tools that I use on my phone, laptop and other devices.
As a matter of fact, while I was looking up mobile app data security best practices for this article, I saw this on one of them:
It looks like an updated opt-in privacy policy that was added after the fact, as in after Facebook got embroiled in this mess. The thinking seems to be: let’s not fall into this fire too, so we’re going to explicitly require you to agree to let us and our “partners” use your phone, email and any other data in any way we want.
Should you #deleteeverything then? Rather than going back to the stone age, I think it’s far easier to follow a set of standard best practices that will maintain data security in the time of Facebook and Cambridge Analytica.
Mobile app data security best practices
1. Update your OS and apps to the latest versions.
2. Download and install only those apps that require explicit opt-in data access permission.
3. Download and install only those apps that provide end-to-end encryption.
4. Download and install only those apps that make use of secured APIs (application programming interfaces).
5. Use complex passwords, and enable two-factor authentication (where available). Change passwords regularly.
Web app data security best practices
6. Use an anti-virus program to safeguard your system, OS and apps.
7. Update the OS and other software you have on the system as soon as updates are available.
8. Update SaaS and cloud-based apps to the latest versions.
9. Use SSL (secure sockets layer) for your own website, and give your data only to sites that use SSL (the URL begins with https://).
10. Information collected by your business website through cookies should be disclosed in your privacy policy, along with the clear and explicit use you intend to make of that data. If possible, add a modal window for first-time visitors that requires them to opt in before cookies are used.
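To show what item 10 looks like in practice, here is an added example of an opt-in cookie gate for a website. It is not code from the original post or from any product mentioned in it; the consent cookie name (cookie_consent), the 180-day lifetime and the modal markup are my own choices. The idea is that nothing non-essential gets written until the visitor has explicitly opted in, and the consent record itself is sent only over HTTPS (item 9) and never on cross-site requests.

```javascript
// Added example (not from the original post): opt-in cookie consent gate.
// Assumed names: the consent record lives in a first-party cookie called
// "cookie_consent" with values "granted" or "denied"; both are my choice.

const CONSENT_COOKIE = 'cookie_consent';
const CONSENT_MAX_AGE = 60 * 60 * 24 * 180; // 180 days, in seconds

// Parse a document.cookie string ("a=1; b=2") into a plain object.
// Values may contain "=", so split only on the first one.
function parseCookies(cookieString) {
  const out = {};
  for (const part of (cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const raw = part.slice(idx + 1).trim();
    if (!name) continue;
    try {
      out[name] = decodeURIComponent(raw);
    } catch (e) {
      out[name] = raw; // malformed percent-encoding: keep the raw value
    }
  }
  return out;
}

// Returns 'granted', 'denied' or 'unknown' (no valid consent record yet).
function consentState(cookieString) {
  const v = parseCookies(cookieString)[CONSENT_COOKIE];
  return v === 'granted' || v === 'denied' ? v : 'unknown';
}

// First-time visitors (no consent record) get the modal.
function shouldShowModal(cookieString) {
  return consentState(cookieString) === 'unknown';
}

// Build the cookie string that records the visitor's choice.
// Secure: only sent over HTTPS. SameSite=Lax: not attached to cross-site requests.
function buildConsentCookie(state, secure = true) {
  if (state !== 'granted' && state !== 'denied') {
    throw new Error('consent state must be "granted" or "denied"');
  }
  let s = `${CONSENT_COOKIE}=${state}; Max-Age=${CONSENT_MAX_AGE}; Path=/; SameSite=Lax`;
  if (secure) s += '; Secure';
  return s;
}

// Gate for any non-essential cookie (analytics, tracking, preferences):
// returns the cookie string to set, or null if consent was not granted.
function setOptionalCookie(cookieString, name, value, secure = true) {
  if (consentState(cookieString) !== 'granted') return null;
  let s = `${encodeURIComponent(name)}=${encodeURIComponent(value)}; Path=/; SameSite=Lax`;
  if (secure) s += '; Secure';
  return s;
}

// Browser wiring: build the modal with DOM APIs (no innerHTML, so no markup
// injection from any text we display) and store the choice on click.
// Returns true if the modal was shown.
function installConsentModal(doc) {
  if (!shouldShowModal(doc.cookie)) return false;
  const secure = typeof location !== 'undefined' && location.protocol === 'https:';
  const modal = doc.createElement('div');
  modal.setAttribute('role', 'dialog');
  modal.setAttribute('aria-modal', 'true');
  const text = doc.createElement('p');
  text.textContent = 'We use cookies as described in our privacy policy. Do you allow this?';
  modal.appendChild(text);
  for (const choice of ['granted', 'denied']) {
    const btn = doc.createElement('button');
    btn.textContent = choice === 'granted' ? 'Allow cookies' : 'Decline';
    btn.addEventListener('click', () => {
      doc.cookie = buildConsentCookie(choice, secure);
      modal.remove();
    });
    modal.appendChild(btn);
  }
  doc.body.appendChild(modal);
  return true;
}

// Only run the DOM part where a DOM actually exists.
if (typeof document !== 'undefined') installConsentModal(document);
```

The useful property here is that every non-essential cookie goes through setOptionalCookie, so a missing or "denied" consent record makes the write a no-op rather than something each page script has to remember to check.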
Business data protection measures
11. Get business insurance that includes protection against data loss.
12. Implement backup protocols, with synchronized servers and devices, and multiple backups in different locations (both local and remote).
13. Move all your data to a data center, and migrate to cloud-based apps that simply connect to the data. See our post on business software to find out what you can do to keep your IT infrastructure safe and secure.
14. The best data security and password system you have is human authentication in the form of optical or fingerprint sensors.
15. Combine fingerprint or optical sensors on mobile devices and physical office doors with a callback system that generates a notification to the boss of the employee requiring access. Make managers and supervisors responsible for password authentication for their own team members.