Taking initiative over one’s own privacy and security online is more important than ever. Not only are bad actors operating at an all-time high, but organizations that consumers have trusted for years have been forced into the spotlight over their mishandling of user data.
These risks could lead to adverse impacts for employers who allow poor cybersecurity practices into the workplace if they don’t take the initiative to educate their employees.
OpenVPN surveyed 1,000 full- and part-time employees to gauge their awareness of VPN use and the tech giants who abuse data privacy.
Most employees — 77% — say they’re familiar with how a VPN works. But shortcomings in their VPN use still puts many at risk.
For example, 48% of employees use a VPN in some way. But of those, only slightly over half (52%) use a paid VPN — one that requires a monthly or annual user fee. The remainder use a free VPN, where the potential sale of user browsing data presents a security concern.
Additionally, 44% use a VPN at all times, but over half of them use a free VPN when doing so. These users even stress themselves out with the hazardous practice — 80% of free-VPN users feel concerned about the dangers of free VPNs.
Until 2019, Facebook offered Onavo Protect, a free mobile VPN app, on both the Apple App Store and Google Play Store. While it claimed to keep personal data safe and monitor app use to help users preserve their mobile data, it actually allowed Facebook to spy on users’ browsing activity and use that information for market research.
In August 2018, Apple pressured Facebook into taking it down because it violated its App Store rules. In January 2019, it was discovered that Facebook was still using the Onavo Protect code in its Facebook Research app, leading Apple to punish Facebook by forcing it to take the research app down and by temporarily suspending its internal iOS apps for its employees. In February 2019, Facebook fully retired the Onavo VPN by taking it off the Google Play Store.
Put simply, Facebook’s Onavo Protect tool abused VPN technology. A VPN encrypts user data and hides their true IP address so that no one on the network — from bad actors to a nosy internet service provider — can access it. They’re used all over the world to protect privacy and freedom of speech and information, but Facebook used their own to invade their users’ privacy.
But because of Facebook’s carelessness, many had their privacy jeopardized. Of those familiar with the Onavo Protect VPN, 57% had used the VPN app themselves. The brush with compromised data privacy seems to have scared them into safe practices — many are now extremely cautious about their privacy and VPN activity, and they’re also apprehensive of other tech companies’ intentions.
The Onavo Protect controversy is just one aspect of Facebook’s struggles with data privacy, and it was even one of the lesser-known controversies the social media behemoth faced, with only 19% of respondents familiar with it.
Conversely, 51% were familiar with the Cambridge Analytica data breach, and 43% were familiar with leaked Facebook data on Amazon cloud servers. Interestingly, a full quarter of respondents hadn’t heard of any of these scandals at all.
But for those who have, their outlook on Facebook has been severely affected. Seventy-one percent said the scandals have negatively impacted their view of Facebook, and four out of five expect Facebook to face at least one more data privacy issue in the next year.
Negative views and predictions for further data privacy issues have many consumers considering quitting social media. More than a third (34%) have thought about quitting one or more social media sites, and 20% have already quit one or more social media sites as a direct result of Facebook’s multiple data privacy incidents.
Respondents know Facebook isn’t the only tech behemoth feeling the heat as of late. Eighty-eight percent believe it’s likely that data privacy controversies will continue to arise with other tech giants such as Google and Amazon. In fact, 37% trust large tech corporations less than before the data privacy issues arose because they don’t think the tech companies have properly addressed the problems.
With the average office worker spending about 1,700 hours per year on the computer, significant risk falls on the employer when employee cybersecurity practices are lax. But employers can manage employee security risk through a few strategies.
As cyberthreats continue to rise, the average employee’s security knowledge and practices won’t cut it, especially when tech companies we all touch don’t put data privacy first. Employers will bear the brunt of this risk in the workplace. In order to negate that risk, employers have a responsibility to educate their employees and give them the tools and understanding they need to protect themselves.