In March 2018, a whistle-blower revealed that voter-profiling company Cambridge Analytica harvested private information from the Facebook profiles of more than 50 million users without their permission. The reverberations of this story reached far and wide, and Facebook found itself at the center of the maelstrom. The company made major missteps in how it responded to the scandal, which raised serious questions about its handling of technology security and data privacy.
In the immediate aftermath, Facebook refused to take responsibility, pointing fingers elsewhere, making no apology, and dismissing the issue entirely. Hard-hitting reporting subsequently proved otherwise—Facebook knew data was being breached and misused as early as 2015 and did not alert users.
The Facebook/Cambridge Analytica data privacy debacle rekindled the old argument of fault versus responsibility. To assume fault is to acknowledge you caused something to happen. To take responsibility is to acknowledge that regardless of where fault lies, it’s your job to make it right. The abuse of data was Cambridge Analytica’s fault, but it was Facebook’s responsibility to prevent it and, failing that, to take ownership for cleaning up the mess. The same principle holds true for any data breach. It may be a hacker’s fault, but it’s IT’s responsibility to maintain high standards of security, minimize the damage from attacks, and take measures to prevent it from happening again.
Step 1: Assess your security
The first step toward taking responsibility for securing your IT environment is to know your environment from top to bottom, including any vulnerabilities or gaps. Ignorance is not a good defense. Hackers will always try to exploit weak points, so it’s crucial you understand your company’s weak points. Conducting security assessments and IT audits will give you a comprehensive look into potential risks, providing you and your IT team insight into how hackers may be thinking. From there, you can pivot and modify your security strategy accordingly.
Such an assessment should cover all possible entry points, from computer and web security to mobile and print security. For example, printers represent prime targets for hackers, because—despite the fact they’re connected to the network and process sensitive data—many IT teams overlook these endpoints as risks. Do you know how many printers exist in your IT environment? Performing a secure print analysis can help you identify security gaps within your print network with relative ease. Armed with that knowledge, you can take steps to bolster their defenses.
Step 2: Plug the gaps
The second step to taking responsibility is using the insights gained from your security assessment to plug gaps and create a more secure infrastructure. Maybe your technology security assessment revealed that employees are practicing poor password management—reusing passwords, relying on weak passwords, keeping the same password indefinitely, etc. That knowledge could serve as the inspiration for new password protocols, such as requirements for changing passwords every six months, or technologies, like encrypted password managers, biometric authentication, and two-factor authentication.
If printers are identified as a vulnerability, a business can work with an expert third party, like a managed print services (MPS) provider, to create a more secure print infrastructure and ensure print security policies are followed. An MPS provider can ensure data is secure at rest and in transit, provide hardware that only allows whitelisted files to run, and enforce security requirements based on device, users, and compliance.
Step 3: Be proactive
Finally, the third step to taking responsibility for security is deploying technology that can be proactive rather than reactive. Hackers move and evolve fast, and it’s not easy to keep up. For that reason, solutions that only block known attacks are no longer strong enough. Instead, you need tools that can monitor the network for malicious activity.
Network-monitoring solutions, hardware with self-monitoring built in, and machine learning are all important tools for detecting advanced threats designed to bypass your defenses. In the event a hacker makes their way into your network, security forensics and devices with self-healing capabilities can minimize the damage.
Whether Facebook was simply naive in how it handled data privacy or just didn’t care, IT can learn an important lesson from this saga. Given the high likelihood and exorbitant costs of data breaches, securing the IT environment needs to be a top priority. In the event of a breach, you need to take responsibility for what happens so you and your IT team can say you did everything you could have done to stop it.