I was recently asked about the threat to privacy and businesses based on online behavioral tracking technology. While this has been around for many years, the sophistication of targeted advertising online has grown, yet, it is still not at a “Minority Report” level. The first step in understanding the threat is to understand the technology. Online behavioral tracking is a product of technologies built-in to web pages and web browsers that work silently in the background as you use the internet. Coding, called “cookies”, is sending your web browsing, searching, and even online purchasing information to third party advertisers. These advertisers then utilize this information to customize ads to you when you go online.
Some might say there are advantages to seeing advertisements that may interest you. You can even help by setting your preferences at https://adsettings.google.com. This lets you see how and why advertisers are targeting you with custom ads and allows you to proactively manage these preferences. There is also an altruistic benefit to targeted advertising online. Many non-profit organizations and causes depend on these relatively low-cost internet ads to generate donations. Finally, internet advertising helps keep online services free or low cost since they are a means to generate revenue for a website. These are all examples of why targeted advertising is not always an evil thing.
However, many people would argue that they never voluntarily provided any information to advertisers and feel this is a violation of privacy. Many legislatures agree and in May of 2018 the European Union enacted GDPR (General Data Protection Regulation). This law requires any business that collects your personal data to notify users what information is being gathered, how it will be used and who will be using it. There are stiff penalties, however enforcement is complicated, and these types of laws have not caught on in the United States.
Some privacy advocates warn that this type of data collection and aggregation make it easier for governments to weaponize this information and use it to polarize their enemies or as the US saw in 2016, and even to influence the outcome of an election. A lot of consumers feel this targeted advertising is “creepy” and invasive; however, they continue to share all aspects of their lives on social media sites like Facebook and Instagram.
So, what is the risk for businesses?
There is little security risk from targeted advertising tracking and indeed many businesses depend on this data themselves. The real risks are the social media sharing that employees engage in. Your own employees may make your business a target of a spear phishing attack for example, simply by the information they may routinely share online. Cybersecurity Awareness training should include the threat of sharing too much work information via social media. Businesses should have a social media policy, which employees are aware of, that helps govern what is not appropriate to share online.
Be Involved in (or at least Aware of) The Gathering of Your Data
There are ways an individual or a business network can help control the harvesting of cookies (web-based tracking code). All web browsers have built-in settings to manage and control cookies. More information can be found here: http://www.whatarecookies.com/delete.asp
The Electronic Frontier Foundation (EEF) has a browser plugin (Firefox and Opera) that blocks advertiser tracking cookies. And, Adblock Plus is the most popular Browser plugin for blocking ads and can be downloaded here https://adblockplus.org/
Ad targeting technology may seem sophisticated but is still in its infancy, which is why it is not always perfect in the ads you see while browsing the internet. However, technologies that assemble vast quantities of data and run algorithms on that data are improving as processing power and Artificial Intelligence continues to progress. There is an argument to be made whether this is a threat to privacy or simply part of the age of the internet as it matures and becomes more entwined with our daily lives. There are excellent resources on this specific topic at the EEF that can be found here https://www.eff.org/issues/online-behavioral-tracking
If you are concerned about the safety of your business, there are PROVEN ways to gather information on ACTUAL and DIRECT vulnerabilities. Call today to schedule your FREE Vulnerability Assessment and Consult or Request Online HERE.
Joe Danaher, CRISC
Chief Information Security Officer