Investing in security is expensive, and it’s often tempting to focus first on your current profitability. But not investing in security costs organizations even more. What is the takeaway concerning security vs short-term profitability?
If you fail to implement a robust long-term, scalable security infrastructure in your environments from the start, then you run the risk of suffering a catastrophic event that can eventually become exponentially more expensive than the cost of the original solution.
Just ask Facebook.
For the past fourteen years, in lieu of focusing on the implementation of security that scales with its growth, the social media giant instead focused on the short-term profits of selling user data. Today, Facebook’s profit margins are a glaring reflection of the error in its security decision-making.
Facebook’s Goals Were Short-Sighted
Facebook’s initial goal was to create an open environment that would promote social sharing. Security was a consideration, of course, but it was not the priority that it should have been.
The more people using the platform, the more data Facebook collected. Before long, this data went well beyond basic demographic and profile info; it soon asked for and included location and behavioral data as well. Moreover, Facebook also collected personal response data and social login credentials from quizzes and other online activities (both on and off-site).
As the social platform gathered increasing levels of critical information, Facebook’s IT team should have taken a harder look at what data they were collecting as well as what they were doing to store and secure it. By the time they realized how sensitive some of their stored data was, it was too late to apply retrospective security to the historical record.
The damage had already been done.
Facebook’s security protocols and infrastructure were definitively outpaced, leaving the company in a difficult situation, both economically and legally, with a long road ahead to brand recovery.
Prioritize Security Over Short-Term Profitability
Even if you aren’t collecting data on the same scale as Facebook, you can still learn from these mistakes.
Perform a data security health check to evaluate your company’s security posture and protocols. Ask the following questions:
- What is my company’s security profile? – This has traditionally been based on devices and up-time, but now you need to consider where you store data, how you protect it, and what your disposition and destruction processes are.
- If we’re receiving data, what is it? – Understanding the types of data that you collect helps you determine how sensitive it is and how you should protect it.
- How are we currently protecting that data? – Are you protecting your data both in transit and at rest? When evaluating this, also consider your archival data protection processes.
Don’t Leave Yourself Open to Attacks
When you fail to implement data security processes that scale with the growth of your business, you leave yourself open to attacks, public outcry, and legal ramifications (to name a few). We’ve seen this scenario unfold time and time again with large corporations like Facebook, Equifax, and Home Depot—companies that you would assume had the bandwidth to foresee such breaches and prevent them.
The fallout, however, is preventable. Don’t let your company be the next breach by not paying attention to the pros and cons of security vs short-term profitability. Think Forward with Adapture.