This content was contributed to Quora on May 3, 2018, by Dawid Bałut, Security Architect at Egnyte.
Large companies should continue to invest in auditing their products, including agreements with third-party applications, and assess how they’re being used.
The Cambridge Analytica scandal originated after Facebook’s platform features were abused in 2014. Data was harvested in accordance with Facebook’s policies at the time but was then illegally sold to a political consulting firm that may have used it to sway elections. Facebook isn’t directly responsible for selling the data, but they are responsible for improperly securing it and failing to monitor its use.
To prevent such situations from happening in the future, companies should implement a few safeguards:
Perform a thorough audit of all features and APIs to ensure they can’t be abused by malicious companies or hackers looking to extort data.
Make sure your APIs are monitored against suspicious activities, such as large-scale data harvesting.
Confirm that your functions operate the way they’re designed to. For example, if a feature enables the creation of surveys for specific user groups, the surveys should only collect data from those who provide explicit consent.
Ensure users are clearly informed about the kinds of data being gathered by your organization, partners, and third-party services integrated with your platform.
These are just a few examples of how to help prevent similar breaches. Most importantly, empower anti-abuse and anti-fraud teams to continually monitor behavior and ensure customer data isn’t compromised.
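The monitoring and consent safeguards above can be combined into one audit over API access logs. The sketch below is an added example, not code from the original answer or from any platform; the log format, app names, user IDs and the `max_fanout` threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: users who gave explicit consent to each app.
CONSENTS = {
    "survey-app": {"u1", "u2"},
    "photo-app": {"u1", "u2", "u3"},
}

# Constructed access log: (app_id, authorizing_user, subject_user).
# subject_user is the person whose data the API response contained.
ACCESS_LOG = [
    ("photo-app", "u1", "u1"),
    ("photo-app", "u2", "u2"),
    ("photo-app", "u3", "u3"),
    ("survey-app", "u1", "u1"),
    ("survey-app", "u1", "u10"),
    ("survey-app", "u1", "u11"),
    ("survey-app", "u1", "u12"),
    ("survey-app", "u2", "u2"),
    ("survey-app", "u2", "u13"),
    ("survey-app", "u2", "u14"),
]


def audit_app_access(log, consents, max_fanout=3):
    """Flag apps that read data about users who never consented, or whose
    single authorizing user fans out to more than max_fanout data subjects."""
    subjects = defaultdict(set)   # app -> every data subject returned
    fanout = defaultdict(set)     # (app, authorizing user) -> subjects returned
    for app, actor, subject in log:
        subjects[app].add(subject)
        fanout[(app, actor)].add(subject)

    findings = {}
    for app, seen in subjects.items():
        # Consent check: subjects with no consent record for this app.
        unconsented = sorted(seen - consents.get(app, set()))
        # Harvesting check: widest reach obtained through one authorization.
        worst = max(len(s) for (a, _), s in fanout.items() if a == app)
        if unconsented or worst > max_fanout:
            findings[app] = {"unconsented": unconsented, "max_fanout": worst}
    return findings


if __name__ == "__main__":
    for app, detail in audit_app_access(ACCESS_LOG, CONSENTS).items():
        print(app, detail)
```

Findings from such an audit are the kind of signal an anti-abuse team would triage, with the threshold tuned to each API's legitimate usage.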
Note: This question and answer originally appeared on Quora – the place to gain and share knowledge, empowering people to learn from others and better understand the world.