Big Tech Risks Personal Data Privacy and Corporate Security

How big tech’s data collection puts your business at risk

Google, Facebook, and other big tech companies are an advertiser’s dream and a privacy nightmare, collecting vast amounts of data on vast numbers of consumers worldwide. They know where we go, what we search, the apps we use, what we watch on YouTube, and our bookmarks, emails, photos, contacts, purchases, and more—gigabytes of data on billions of people. Enough to precisely target messages to exactly the people most receptive to them. This is exactly why big tech data gathering puts your employees, customers, and organizations at daily risk of theft, extortion (think ransomware), and worse.

According to the 2021 Verizon Data Breach Investigations Report (DBIR), 85% of data breaches now involve the “human element,” people, most unwittingly, providing criminals with access to business systems. The report also noted the rise in phishing (social engineering) which was present in 36% of the breaches examined, up 25% over the previous year. Criminals are using every available channel: social media phishing is exploding through Facebook impersonation, and Google recently reported removing 3.1 billion scam ads.

Criminals are using big tech to leverage personal information to target your employees and customers and attack your organization. Protecting data privacy is your best defense, and it’s a cost-effective and simple strategy.

How Personal Information Leads to Corporate Breaches

As in any business, online criminals favor strategies that produce the highest rate of return. As mentioned above, social engineering tactics grew by 25% last year, while brute force hacking was present in less than 5% of breaches. It’s logical: criminals are now able to leverage the vast data gathering and targeting power of big tech to reach their victims. Using personal data from data breaches or simply working through social and advertising networks, they can target scams to gather credentials, tempt anyone into malicious downloads, or even gather personal information that could be used for extortion or coercion.

And thanks to big tech, social engineering is a game anyone can play. A UK watchdog group, using just a Gmail address, was able to create a fake advertisement and get it approved by Google. Within an hour, they were able to launch an ad, quickly racking up 100,000 impressions. They found it was equally simple to launch a fake business Facebook page. When anyone can create fake accounts and advertisements, it’s simple for criminal organizations to precisely target potential victims based on their demographics, social connections, behavior, and interests.

Gaps in the Corporate Firewall

With the growth of social engineering, employee privacy has become the gap in the corporate firewall, and remote work and mobile devices only increase this threat. A Comparitech study found that in 2021, a record 74% of organizations experienced malware that spread from one employee to another. Phishing training can help employees spot some fake emails but, armed with so much personal information, phishing attacks are becoming more sophisticated and precise. Stolen customer or member credentials can also allow hackers into business systems, and the Verizon DBIR says 61% of hacking breaches can be attributed to stolen credentials.

It only takes one exposed password or malicious download to cause a breach or let in ransomware that could take your operations down. (A 2021 Mimecast study found that 61% of organizations experienced a ransomware attack that led to at least a partial disruption of business operations, a growth of 10% over the previous year.)

Protecting Consumers and Security

As privacy becomes an issue of corporate security, organizations can protect themselves by providing privacy protection as an employee or member benefit.

Personal privacy protection tools can protect the business in multiple ways:

• An advanced tracking blocker stops gathering of the personal data that can be used for social engineering.
• A personal VPN for use public Wi-Fi and even home networks can foil information tracking, protect them from spoofed networks, and help keep credentials from being captured.
• A password checker makes it easy for people to find out if their passwords have been exposed on the dark web, so they can change compromised passwords.
• A password manager simplifies password management, and encourages people not to re-use passwords and to use stronger passwords, helping minimize risks such as credential stuffing attacks.
• An automatic data removal tool can delete personal information from data broker sites, removing another source of data that can fuel social engineering campaigns.

A privacy protection plan with all these features costs less per employee than office supplies. When you consider that, according to the latest Cost of a Data Breach Report, the U.S. average cost for a single breach is $8.64 million—about $3,533 per employee—and average cost of a ransomware attack is $1.85 million, privacy protection is a great investment.

Privacy Protection Has Multiple Benefits

Protecting employee privacy also protects them from identity theft, which affects employee health and productivity. According to the Identity Theft Resource Center, nearly two thirds of ID theft victims lost more than 40 hours of work while trying to resolve the fraud, 24% said it led to employment problems, and 40% were unable to pay routine monthly bills, leading to stress-related illness and even suicidal thoughts.

A privacy protection benefit can also help a business compete in today’s tight marketplace. Americans value their privacy, as evidenced by the fact that only 6% of Americans have opted in to allow tracking for their data by Facebook and affiliates since Apple’s iOS gave them the option. So, a privacy benefit can be one more enticement to attract or retain employees, members, and customers.

Privacy protection is an all-around win, enhancing data security, employee productivity, and the ability to attract and retain good people. Considering the cost of a privacy benefit versus a single data breach, it’s a no-brainer. When the road through the corporate firewall is paved with personal information, the best and most cost-effective way to protect employees and the business is by protecting their privacy.