Close this search box.
Close this search box.

Data Harvesting: Are We Putting Our Businesses At Risk?

Security breaches are what come to mind when CEOs think about cybersecurity, but there is another potential threat that is perfectly legal: Data harvesting.


Though security breaches are what come to mind when business owners think about cybersecurity, there is another practice that is perfectly legal, but that could also put your business at risk if you are not aware of it: Data harvesting.

Less than half a year ago, news hit the airwaves that British company Cambridge Analytica had obtained the personal information of over 87 million Facebook users and had used that information to craft targeted messages that affected the 2016 presidential election. While this brought the concept of “data harvesting” to the attention of the public and stoked passionate debate about the election, its impact on businesses might not be so clear—let alone what business or firm owners should do about it.

By understanding what data harvesting is and why it is so pervasive, we can begin to understand what both individuals and organizations need to start doing to improve their security while online.

What is Data Harvesting?

Data harvesting is the practice of collecting large amounts of data from online sources. Sometimes this data is used by the harvester, and sometimes it is simply “packaged” and sold.

The personal information and online behavior of millions of individuals has value to advertisers, political campaigns, researchers, and more.

Much of the data being harvested is created online by users who, knowingly or unknowingly, hand over their data for the sake of some future benefit or immediate convenience. For example, taking a quiz or playing a game on Facebook can make that user’s profile information available to the maker of the app, as well as to advertisers affiliated with the app maker. Most of the time, this data is used to target advertising campaigns.

Why is This a Concern?

Most data harvesting is perfectly legal. But there are two issues worth raising, which the Facebook case illustrates well:

First, even when there are strict data policies in place, this does not prevent misuse. In the Cambridge Analytica story referenced above, information on most of the 87 million users was collected via a quiz app developed by researchers at Cambridge University (no affiliation; the similarity in names is coincidental). One of the researchers personally passed on the data to Cambridge Analytica, against Facebook’s terms of service. In short, bad actors can still disseminate your data, even if you trust the company originally collecting it (legally).

Second, even when there is technically no “misuse,” data harvesting can be a violation of privacy for those who are not paying attention. As the old saying goes, “If you are not paying for a product, you are the product.”

Data Harvesting: How It Could Impact You and Your Business

When it comes to our personal data, the implications are obvious. We might be fine with an online retailer having our name and address. But are we really OK with Google using our phones to track every trip made? Or how about the Facebook app listening in on phone conversations to show targeted advertisements?

Remember, sites like Facebook don’t ask for money, precisely because they do not want money from you, the consumer. They want mindshare. It’s that mindshare that they then sell to advertisers. It’s a model that encourages Facebook to learn everything they can about a user, with hungry corporations champing at the bit for that kind of granular data.

Data harvesting is even more of a concern when it comes to businesses and firms.

Take corporate data, for example. Naturally, most businesses want their basic information out there, reaching the widest possible audience—information like their name, address, contact information, and branding.

Now consider other bits of data that might be harvested when a company’s employees go online or are active on social media:

  • Your employees’ contacts (for example, via LinkedIn), including contacts with your clients, vendors, partners, and so on
  • When your brand accounts are active on social media, and who they follow (which, again, might include many of your current clients and prospects)
  • Communications with clients and prospects that occur via social media
  • What addresses your sales reps visit
  • What things you and employees have searched for on Google, Bing, YouTube, and so on.

In other words, data harvesting does not just affect individuals. Businesses and firms need to take stock and educate employees to avoid scenarios where the above data can be harvested easily and used. Failing to do so might mean that vendors, competitors, or even hackers with bad intentions can access information vital to running your business.

Finding the Balance Between Convenience and Securing Your Data

Any security expert will tell you there is always a trade-off between security and convenience. (Passwords are a good example. A strong password with lots of numbers and special characters is hard to remember. But that’s exactly what makes it more secure: It’s hard to replicate.)

That said, here are 3 simple tips that are easy to follow, and that are more than worthwhile when it comes to protecting your data.

  1. Take five minutes to review privacy policies

Almost all privacy policies for the websites you use are easy to find, or can be given to you by request. Take a look at the ones your business uses frequently, and see what steps these companies are taking (or not taking) to protect your data. While you are at it, look for ways to opt out of any data-sharing agreements that you are not comfortable with, by changing your privacy settings.

2: Advise employees to browse the internet in Incognito or Private Mode.

This browser setting gives you the same user experience as a typical browser window, but no cookies are stored on your computer. Cookies are small text files downloaded to a computer when browsing a website, capturing how the user interacts with it. This information can be as simple as the buttons you click or as complex as your addresses and passwords. There is some small inconvenience here, as private mode requires that an employee will have to enter their user information at each log in. And the protection is not 100%. But at least you will have significantly more control over what information a website can collect.

3: Operate under the assumption that everything you put online will be harvested.

In the same way you need your team to hesitate before clicking on an unexpected email attachment, you need them to hesitate before sharing company information online. We should always assume that companies are gathering the following information:

  • What you’ve directly input into their site, or given to them, and
  • Other data you’ve left on other websites that could be associated with your online profile or online behaviors.

In an interview with, Tim Lynch, Ph.D., president of gaming computer company Psychsoftpc, put it very simply: “Once you go online, your data is going to be harvested.” Educate your employees about the nature and prevalence of data harvesting, and empower each individual to limit your company’s exposure every time they go online.

Final Thoughts

In today’s technology-saturated world, it is nearly impossible to live completely off the grid, so you have to be vigilant about your Internet activity. But by making a few simple modifications, you can significantly reduce the chances of your personal or business information being harvested.

RelatedCEO Voices: Making Sense of Cyber Security


  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events


    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)


    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.