On 2 April, Google+ will cease to exist for external users. The search giant has cited two main reasons for the move: low user engagement and, more insidiously, software design flaws that allowed “third-party app developers to access the data not just of users who had granted permission, but of their friends”. In October 2018, Google revealed it had also suffered a second major security lapse in the same year. Facebook came under similar scrutiny for its user tracking capabilities, which ultimately saw Mark Zuckerberg hauled in front of Congress.
In theory, this is a huge deal. Despite being two of the world’s biggest technology companies, Google and Facebook have failed to sufficiently protect users’ data and manage information risks.
In practice, both remain multi-billion-dollar corporations able to weather tarnished reputations and substantial fines with barely a scratch. However, the situation for smaller – though no less ambitious – technology companies is rather different.
Data makes the world go round
The technology industry thrives on data. No matter what kind of software tool or application a technology company is developing, what sector it is selling into or who its end users ultimately are, digital information underpins its product development. Successful technology companies are, in the majority of cases, those that are most adept at managing, processing, analysing and harnessing vast arrays of digital information – often with the help of innovations in AI, machine learning and big data analytics.
This means that the technology industry depends on effective data protection. Public consciousness around the risks of both cybercrime and human error resulting in data breaches has never been higher. The introduction of the GDPR (General Data Protection Regulation) in May 2018 only increased public awareness of the importance of organisations taking steps to protect sensitive information.
How to avoid a bad reputation
In a world dominated by social media, news of a significant cyber incident can travel fast. This means that consumers – whether individuals or businesses – are simultaneously more aware of technology companies’ responsibility to protect their information, and more able than ever before to identify and avoid organisations that do not take adequate steps to do so.
Reputation and revenue are closely linked. Even the perception of failure to protect sensitive information can see an organisation suffer reputational damage and loss of customers. That’s before we consider the operational standstills that major cyber incidents can cause, which lead directly to lost revenue.
Scaling up data protection
For smaller technology organisations that lack the means of the Googles and Facebooks of the world, two key steps are vital. First, they need to take comprehensive and ongoing action to protect all the information they handle, and accurately assess the risks associated with all such processes. Second, they need to communicate this action to consumers transparently.
These principles underpin Vigilant Software’s online risk assessment, compliance and data flow mapping tools. Our tools take organisations through the risk assessment and data protection procedures they need to undertake, helping them translate those actions into clear, dynamic and demonstrable compliance.
Our CyberComply platform guides organisations through cyber risk and privacy monitoring and compliance. It is designed for risk and security, data and compliance, and IT and information security professionals working in small and medium-sized organisations for whom cyber risk and privacy management are critical.