In the Washington Post article, entitled “Millions of sensitive Facebook user records were left exposed on public web, security researchers say,” Post reporters Tony Romm and Elizabeth Dwoskin report that over a half billion Facebook records have been sitting exposed to any comers on an Amazon cloud-computing server. Cybersecurity implications – and lessons –keep spinning off from the social media giant’s privacy stumblings.
Romm/Dwoskin unravelled the story when security outfit UpGuard’s Cyber Risk team revealed it had discovered “two more third-party developed Facebook app datasets…exposed to the public internet…” One was a half billion records from Mexico media company Cultura Colectiva, and the other was the over half-billion records of Facebook users, including account names, likes, comments, shares, IDs, and much more. UpGuard found that both troves of structured data were being stored right there in full public view for any good or bad actors to access and exploit.
In Facebook’s case, the security failure traces to a third-party app developer that mishandled the sensitive records by storing the structured data on a public database, allegedly in violation of Facebook policies.
In an article on biglawfirm.com, an attorney Jake Bernstein was quoted as saying: “the most important thing for law firms to learn is that they cannot keep their heads in the sand any longer. Data security issues affect everyone, but only attorneys have an ethical duty to keep their clients’ confidential data free from unwarranted access and disclosure.” By all accounts, while progress is being made, by and large it hasn’t changed for many firms.
While the Facebook breach relates to structured data, much of the law firm’s sensitive information lives in “unstructured data” formats. Do you understand the difference between structured and unstructured data, and what different measures must be taken to provide proper cyber protection for each? If you do not know the difference, and you don’t know what cyber and infosecurity products are in the marketplace to address the concerns arising from both, how can you properly discharge your fiduciary obligation to your clients to protect and secure their confidential information?
In future blog posts we will further explore the difference, and comment, specifically as it relates to unstructured data.