Behind the British Airways Data Breach: Poor Digital Governance?
Another day, another data breach. British Airways recently announced that 380,000 customer financial records had been stolen by malicious actors through their mobile and desktop sites. It seems data breaches like these have become a regular part of our lives and a common headline in our daily newsfeeds. Yet no matter how common these incidents have become and despite growing concerns, companies appear to be overlooking some relatively easy to implement safeguards for protecting their customers.
Recent scandals involving Facebook and Cambridge Analytica have only increased the focus that consumers have around how their data is collected and used, as Gallup recently discovered. And with laws like GDPR now in effect, companies have even more incentive to ensure that they’re handling data in a secure and sensitive manner. So why do data breaches still happen?
Lack of Digital Governance
Modern web applications are increasingly reliant on third-party technologies to provide valuable insight and create business value to the organization. In fact, our friends at Ghostery published a study showing that 79% of global websites are using third-party scripts often for tracking or advertising purposes. But this reliance can be a gamble, as these scripts introduce ways in which bad actors can get onto your site. Some experts speculate that the British Airways breach could be tracked back to a few lines of malicious code on their site.
This story and the vast number of people potentially affected underscores the importance of establishing a Digital Governance policy. Understanding which third-party technologies are currently collecting data on your site and how they got there is the first step in creating a digital governance process. You wouldn’t allow strangers to walk through your office unsupervised, why allow them to do so on your site?
To illustrate the complex ecosystem of tags that lie beneath the average enterprise company’s website, here’s an example using our proprietary Trackermap® tool. Here you’re seeing not only the tags this unnamed organization has added to their website, but the additional tags that came along with them.
To get an idea of the tags lurking underneath the hood of your website, you can try it for free.
What is Digital Governance?
Digital Governance is the process by which your company undertakes an evaluation of the digital technologies, assets, and properties that you own and assigns ownership to them. So, for example, if one of your key business vendors goes down, you know who to turn to internally to get them back up and running. Large organizations with globally distributed marketing teams and multiple stakeholders are often the ones most in need of this help.
Setting up this foundation for accountability begins with auditing and understanding the technologies currently being used on your site, determining who is responsible for them, and establishing the business value of each vendor. Once that’s been done, it’s time to conduct a risk assessment by going through each tag and asking the question: do we really need this tag on our site considering the exposure or liability it poses?
The Benefits of a Digital Governance Strategy
Establishing a digital governance strategy provides real tangible value to organizations that are reliant on third-party digital vendors. The benefits of such a strategy include:
- Reduced Risk and Regulatory Compliance
- GDPR and other laws place special emphasis on how data can be collected and used and what safeguards should exist to ensure that user data is protected. Understanding who is on your site, what their privacy practices are, and disclosing the data they collect (along with managing consent) are all dependent on a keen digital governance strategy built on reducing risk.
- Improved User Experience
- We all know how frustrating a website that takes too long to load can be. Your users expect to quickly navigate to what they want on your site. Too many slow or unnecessary tags can compromise your website and result in an overall poor user experience.
- Operational Efficiency
- Redundancies and poor implementation of tags can result in hours of unnecessary development work. Cleaning up the implementation process and policing the use of tags can streamline the process of deploying and managing tags on your site.
- Vendor Accountability
- Ensure that the vendors you work with are delivering on their commitment and providing value by monitoring up-time and kept abreast of tag failures.
So, where do you start when it comes to building a digital governance strategy? This is where Crownpeak can help. Our patented monitoring and governance solutions provide companies with clear insight into what’s happening on their websites. Through automated alerts and reporting, we make it easy to stay on-top of your vendors and ensure that they’re delivering safe and effective solutions for your business.
From mitigating the risks associated with the use of third-party tags to helping you comply with data privacy laws, we provide technology to ensure your digital governance strategy is successful.
Perhaps more importantly, we’re here to make sure your organization stays out of the headlines in this age of data breaches, loss of customer trust, and data privacy incidents.