How to Protect Against Data Mining

How to Protect Against Data Mining at an Organizational Level

This article is admittedly ironic, given that it’s businesses that most often benefit from data mining. That being said, the practice can indeed be used to help build a profile of not just your staff, but ultimately your own organization. Everyone in your hierarchy is online and connected, and inadvertently sharing both personal and company information and behavioral patterns. That data is used in some way, shape, or form by other parties in an effort to influence actions and decisions. More importantly, advanced phishing campaigns against your business are born from data mining.

It often takes a major event to deliver the wake-up call people and businesses alike need, and none is more applicable than 2018, when Facebook’s Mark Zuckerberg had to testify to the U.S. Congress regarding the fact that data on 87 million Facebook users was sold to Cambridge Analytica, a data analytics firm with a heavy hand in political campaigns. When this happened, a large number of companies scrambled to check the Terms & Conditions of each and every app on staff computers, laptops, smartphones, and tablets. Today (2020) this attention to detail has become more commonplace, but it’s not enough. What more can be done? Let’s review.

How to Prevent Apps and Social Networks from Harvesting the Data of Your Staff in the Workplace

1. Terms, Conditions, and Privacy Policies

App providers on the defensive about data mining argue that users should not be surprised. It’s all in the T&Cs and/or Privacy Policy, after all. And while some of these read like an unabridged version of the U.S. Constitution, they have a point. As much as you hate it, read it, and look for anything that resembles the following:

“We may collect, use, transfer, sell and disclose non-personal information for any purpose” and that data can be used “to build anonymous market research products and services.”

Armed with that knowledge, you (and stakeholders) must decide if corporate use of a given app is worth it, or if limitations must be placed on how much is divulged in profile creation and in usage.

2. Perform a Semi-Annual App Audit

Look at the screen of your smartphone, tablet, and laptop. Go ahead, we’ll wait. 

There is without a doubt more than one app (if not dozens) that you haven’t used in months. While you may not be actively opening them and/or logging in, they may be harvesting data (including where you’re sitting right now) at this very moment. The more apps you have, the more information is being collected. It’s time for everyone in your organization to start trimming the fat and perform an audit on all devices, keeping only the apps that are necessary for day-to-day company activity. This alone can cut data harvesting from social networks and other applications in half, or more.

3. Don’t Just Uninstall, Delete

Remember the Uber data debacle from a few short years ago? One thing that was uncovered was that the ride-hailing service participated in fingerprinting, a process in which iPhones were illicitly tagged with permanent identities that were detectable even after the app was uninstalled from the devices. While users may be prepared to remove apps from the devices they use, this is not enough. The account must be manually deleted, either through an option found within the app, or by contacting the app provider to request account and profile deletion. Nothing can be done about data that has already been harvested, but harvesting can be stopped from this point on.

4. Don’t Connect Too Many Apps

When you connect apps to one another, use of one can provide another with information about user activity. When apps are connected, they feed off of one another. An obvious example is when you connect Facebook to Twitter. But the connections between less obvious ones are a big part of what makes you (and stakeholders) susceptible to widespread data harvesting.

Have you ever tried to read an online article, and received a prompt to sign up for the subscription or app so that you can access the rest of the content? When this happens, you’re either asked to fill out a bunch of information (a turn off for many) or simply connect via Facebook or Twitter (much easier, right?). Well, as soon as you do that, you make a connection between the two, both of which mine data in their own way and have differing T&Cs.

Go into the settings of commonly used applications and see which other apps they are connected to, and remove/delete connected apps that are not an absolute necessity. Moving forward, resist the urge to seamlessly open up a profile on a new app by connecting with an existing one, and start a fresh profile while providing a more limited picture of who you are, where you are, and what you do. Pass this tip on to everyone in your organization.

5. Keep Connected Apps on Limited Devices

There are personal and business benefits of connected apps, but that doesn’t mean you need this connection to exist on all devices.

Consider this basic scenario. You start your day with a visit to your local coffee shop, and open the Facebook app and scroll through the newsfeed on your iPad to pass the time. This information has been logged. You then go to the office, power up your desktop, and get market news from your favorite online periodical, and share the story (which connects via Facebook) on your company’s brand page. Logged. A few hours later, you meet a client for lunch, pull out your smartphone, and show them Instagram posts from the trade show you just returned from. Logged. Then, at the end of the day, you return home, power up your Fitbit app (connects to Facebook) and go for a jog. Logged.

The moral of the story is that everyone should audit their connected apps, and make sure that not every single device used through the day shares the connection. When every device does share it, a breadcrumb trail is created and a more complete picture is painted. Again, pass this on to everyone in the company hierarchy.

6. Complete Separation of Personal and Company Usage

In our recent article about new cyber threats to watch out for in the year ahead, we called upon businesses to hedge risk regarding BYOD (bring your own device) when staff is expected to work remotely and/or communicate with team members via messaging apps. Instead, a company can take control of the situation by issuing company smartphones for company use. This same solution applies to data mining concerns. That way, you have full control of what apps are in use, and by whom. Staff will also appreciate this separation of their personal and organizational online activity.

If you have any further concerns about data mining as it applies to the online activities of yourself, stakeholders, and those in your employ, or other data security concerns, contact SAV Technology for a consultation.