If there’s one thing worse than a data breach, it’s a cover-up.
In March, Google discovered a bug in the application program interface (API) for Google+, the tech giant’s social media platform. Since 2015, the bug had been allowing third-party app developers to access the personal data not only of users who had granted permission, but also of those users’ friends. What has the public most outraged, however, is that while Google uncovered the problem in March, the company failed to disclose the leak to the estimated 500,000 people affected (and the public has spoken; following the announcement, Google shares dropped 1.3% on Monday).
The Google+ Data Breach
Why didn’t Google notify the public of the breach? Because it would have invited comparison to the Facebook scandal happening at the time. The Facebook scandal, in which political consulting group Cambridge Analytica gained access to millions of Facebook users’ data without their consent and which led to CEO Mark Zuckerberg being hauled in front of U.S. Congress, was something Google wanted no part in. A Google memo obtained by the Wall Street Journal confirms this: “[disclosure] almost guarantees Sundar will testify before Congress and invite immediate regulatory interest,” the memo said, referring to Google CEO Sundar Pichai.
The Google+ Disclosure Loophole
While it may seem that failure to disclose the breach would be breaking the law, Google found a loophole. In California, where the company resides, a data leak only needs to be disclosed if it includes both an individual’s name and Social Security number, ID card or driver’s license number, license plate, or medical or health insurance information. However, because Google only maintains logs of API use for two weeks, it had no way of knowing what information was made available due to the bug. “None of the thresholds for public disclosure were met,” said Ben Smith, Google’s Vice President of Engineering.
Google+ Being Phased Out
Now, the consumer version of Google+ is going dark, no doubt in part because of the breach, but also because of what Google, in a blog post this week, called “the significant challenges in creating and maintaining a successful product” and “low consumer usage.” Google stated that they will wind down the service over the next 10 months to give users time to transition, download, and migrate their data. The company does plan to maintain Google+ for enterprise users, where co-workers can engage in internal discussion on a secure corporate social network.
8 Ways to Prevent Cyber Attacks
It seems every day there’s another data breach, leaving many organizations wondering what they can do to prevent themselves from becoming the next victim. Here are eight ways to protect your data.
1. Educate employees.
Human error—the simple click of a link—can affect an entire network, resulting in disaster. With a Help Net Security survey revealing 30% of office workers are unfamiliar with how cyber-attacks work, education is imperative.
2. Employ content scanning and filters.
A scanner or filter on your mail servers can check for known threats within inbound emails and block any attachment that could be dangerous.
3. Install antivirus (AV) software.
Ensure your AV is current across all endpoints within your organization; viruses are always evolving, so AV is not impenetrable, but it is a solid first line of defense.
4. Update regularly.
Many attacks, as witnessed in the Boeing breach earlier this year, can only reach computers that have not been updated. Regular updates will help maintain the integrity of your systems.
5. Back up daily.
If you back up your important data every day, whether to the cloud or a local storage device, attackers will have a lot less leverage; rather than pay them to retrieve your data, you can roll back to the previously saved data with minimal loss.
6. Restrict privileges.
Not every employee needs all privileges; they only need to be able to perform their work-related tasks.
7. Create a patch management plan.
Ensure your organization is managing patches and upgrades from your software vendors by developing a plan of action. Patches were largely responsible for stopping the potential damage of the Meltdown and Spectre bugs from early 2018.
8. Purchase cyber insurance.
These policies generally cover your business’ liability for breaches involving customer information such as Social Security, credit card, and driver’s license numbers, as well as health information.
Consider a Virtual Private Cloud for Data Protection
Google spent months hiding a security breach to protect their reputation and avoid scrutiny from regulators. This delay is likely to reignite long-standing complaints from federal and state officials that tech giants, such as Google, are reckless with user privacy and not transparent about breaches and security incidents. It’s also bound to have public cloud users, especially those using Google Cloud Platform, questioning their security. If that sounds like you, it may be time to consider a Virtual Private Cloud (VPC). DSM, Florida’s predictable cloud provider, can easily and seamlessly transition you to a secure, compliant, high-performance VPC. In a DSM VPC you’ll have IT experts available to you 24/7/365, with superior uptime and data recovery. Interested in learning more? Speak with one of our IT experts today.