Data Harvesting: Are We Putting Our Businesses At Risk?

© AdobeStock
Security breaches are what come to mind when directors think about cybersecurity, but there is another practice that is perfectly legal whichcould also put your business at risk: Data harvesting.

dataThough security breaches are what come to mind when business owners think about cybersecurity, there is another practice that is perfectly legal, but that could also put your business at risk if you are not aware of it: Data harvesting.

Less than half a year ago, news hit the airwaves that British company Cambridge Analytica had obtained the personal information of over 87 million Facebook users and had used that information to craft targeted messages that affected the 2016 presidential election. While this brought the concept of “data harvesting” to the attention of the public and stoked passionate debate about the election, its impact on businesses might not be so clear—let alone what business or firm owners should do about it.

By understanding what data harvesting is and why it is so pervasive, we can begin to understand what both individuals and organizations need to start doing to improve their security while online.

What is Data Harvesting?

Data harvesting is the practice of collecting large amounts of data from online sources. Sometimes this data is used by the harvester, and sometimes it is simply “packaged” and sold.

The personal information and online behavior of millions of individuals has value to advertisers, political campaigns, researchers, and more.

Much of the data being harvested is created online by users who, knowingly or unknowingly, hand over their data for the sake of some future benefit or immediate convenience. For example, taking a quiz or playing a game on Facebook can make that user’s profile information available to the maker of the app, as well as to advertisers affiliated with the app maker. Most of the time, this data is used to target advertising campaigns.

Why is This a Concern?

Most data harvesting is perfectly legal. But there are two issues worth raising, which the Facebook case illustrates well:

First, even when there are strict data policies in place, this does not prevent misuse. In the Cambridge Analytica story referenced above, information on most of the 87 million users was collected via a quiz app developed by researchers at Cambridge University (no affiliation; the similarity in names is coincidental). One of the researchers personally passed on the data to Cambridge Analytica, against Facebook’s terms of service. In short, bad actors can still disseminate your data, even if you trust the company originally collecting it (legally).

Second, even when there is technically no “misuse,” data harvesting can be a violation of privacy for those who are not paying attention. As the old saying goes, “If you are not paying for a product, you are the product.”

Data Harvesting: How It Could Impact You and Your Business

When it comes to our personal data, the implications are obvious. We might be fine with an online retailer having our name and address. But are we really OK with Google using our phones to track every trip made? Or how about the Facebook app listening in on phone conversations to show targeted advertisements?

Remember, sites like Facebook don’t ask for money, precisely because they do not want money from you, the consumer. They want mindshare. It’s that mindshare that they then sell to advertisers. It’s a model that encourages Facebook to learn everything they can about a user, with hungry corporations champing at the bit for that kind of granular data.

Data harvesting is even more of a concern when it comes to businesses and firms.

Take corporate data, for example. Naturally, most businesses want their basic information out there, reaching the widest possible audience—information like their name, address, contact information, and branding.

Now consider other bits of data that might be harvested when a company’s employees go online or are active on social media:

  • Your employees’ contacts (for example, via LinkedIn), including contacts with your clients, vendors, partners, and so on
  • When your brand accounts are active on social media, and who they follow (which, again, might include many of your current clients and prospects)
  • Communications with clients and prospects that occur via social media
  • What addresses your sales reps visit
  • What things you and employees have searched for on Google, Bing, YouTube, and so on.

In other words, data harvesting does not just affect individuals. Businesses and firms need to take stock and educate employees to avoid scenarios where the above data can be harvested easily and used. Failing to do so might mean that vendors, competitors, or even hackers with bad intentions can access information vital to running your business.

Finding the Balance Between Convenience and Securing Your Data

Any security expert will tell you there is always a trade-off between security and convenience. (Passwords are a good example. A strong password with lots of numbers and special characters is hard to remember. But that’s exactly what makes it more secure: It’s hard to replicate.)

That said, here are 3 simple tips that are easy to follow, and that are more than worthwhile when it comes to protecting your data.

  1. Take five minutes to review privacy policies

Almost all privacy policies for the websites you use are easy to find, or can be given to you by request. Take a look at the ones your business uses frequently, and see what steps these companies are taking (or not taking) to protect your data. While you are at it, look for ways to opt out of any data-sharing agreements that you are not comfortable with, by changing your privacy settings.

2: Advise employees to browse the internet in Incognito or Private Mode.

This browser setting gives you the same user experience as a typical browser window, but no cookies are stored on your computer. Cookies are small text files downloaded to a computer when browsing a website, capturing how the user interacts with it. This information can be as simple as the buttons you click or as complex as your addresses and passwords. There is some small inconvenience here, as private mode requires that an employee will have to enter their user information at each log in. And the protection is not 100%. But at least you will have significantly more control over what information a website can collect.

3: Operate under the assumption that everything you put online will be harvested.

In the same way you need your team to hesitate before clicking on an unexpected email attachment, you need them to hesitate before sharing company information online. We should always assume that companies are gathering the following information:

  • What you’ve directly input into their site, or given to them, and
  • Other data you’ve left on other websites that could be associated with your online profile or online behaviors.

In an interview with, Tim Lynch, Ph.D., president of gaming computer company Psychsoftpc, put it very simply: “Once you go online, your data is going to be harvested.” Educate your employees about the nature and prevalence of data harvesting, and empower each individual to limit your company’s exposure every time they go online.

Final Thoughts

In today’s technology-saturated world, it is nearly impossible to live completely off the grid, so you have to be vigilant about your Internet activity. But by making a few simple modifications, you can significantly reduce the chances of your personal or business information being harvested.

  • Get the Corporate Board Member Newsletter

    Sign up today to get weekly access to exclusive analysis, insights and expert commentary from leading board practitioners.



    20th Annual Boardroom Summit

    New York, NY



    Board Committee Peer Exchange

    Chicago, IL