The Hidden Dangers of Storing Obsolete Data
Nearly every service you interact with online has lost or misplaced data at some point, and that creates a variety of different risks. For Google, it might be a series of lightning strikes in August 2015 that caused a small but permanent loss of data.
For you, it might be an old hard drive full of company information that was tossed in a box or storage closet that somehow made its way out the door.
Every year, we hear stories about how we’re generating more data and more reports than ever before. This leads to hard drives and data tapes that become full or are made obsolete because they can’t store everything we need. And, unfortunately, every year we hear about companies who store these, only to forget about them as the months go by.
The idea that feels smart in the interim ends up generating a huge amount of risk.
Data Losses Reach Deep
A few years ago, IBM potentially compromised as much as 1.9 billion people’s medical records when it misplaced hard drives in its data center, which were potentially stolen. More than 1,000 UK government laptops, computers, and flash drives were stolen during 2016 — that’s nearly three per day and it meant that tens (to potentially hundreds) of millions of people had their personal information lost or stolen.[i]
If harm is done because of those hacks and lawsuits are filed, the UK government would face significant damages and cost.
So, what if it was your business who accidentally leaked customer data and faced big lawsuits? Could you weather the storm?
That can be a bit scary, so let’s look at your top risks and how to address them, especially when it comes to storing obsolete data and obsolete data devices:
1. Insufficient User ID and Control Systems
Most data thefts and thefts of company secrets or customer information come from within.[ii]
You need to limit who has access to your data as well as who has access to your storage locations. Take an inventory and keep it under lock and key. Don’t throw everything into the spare closet that has no security cameras or always remains unlocked. You face risk of losing property and customer data, and that could sink your business.
2. Theft and Misplacement Risk Misunderstandings
Do your asset management policies include counting equipment and hard drives frequently? If a drive, USB, or laptop went missing today, how soon would it be before your control team knew?
Misplacing equipment, whether accidentally or intentionally, can happen quickly. If your company faces these risks because it doesn’t understand or control assets — or doesn’t take the time to review your risk of losses — then your company is at risk of losing data and equipment right now.
That also means you’re at risk of experiencing a breach and then having to notify your customers.
3. Offsite Storage Accountability
At the beginning of 2017, a filmstrip of Marilyn Monroe was discovered in a shopping bag mixed in with home movies, that provided a rare glimpse of the star in New York[iii]. It’s been a gold mine-type find for film buffs and historians.
But what if, in the next shopping bag or cardboard box, is a gold mine for data thieves? That’s a pretty distinct possibility if you’re storing your data offsite with little oversight. Just think about it for a moment, and see if you can answer these questions:
- Who has access to the data while it’s not under your supervision?
- Where is the chain of custody (after all, it is your data)?
- Are there background checks completed for employees managing access to your unit?
- How many different people have had access to your data during your contract?
- Does your storage company have specific security requirements for its partners and third-party vendors? Are they strict enough?
Any lack of a secure, manageable control system is a major threat to the security of your data.
What Do You Do?
First, it’s time to take a good, hard look at your data and see what you must save and what you’re simply hoarding. Working with data science teams and analysts can help you determine what data has value and could be analyzed.
If you’ve still got digital recordings from customer calls back in the 1990s with no clear plan to transcribe and analyze them — or if they cover products you no longer carry — it’s probably time to delete the data and shred the hard drive.
In some situations, you may be required to keep data storage devices longer than you wish. Government regulations or existing corporate policies can extend data retention schedules. In these cases, go back and apply our big three risks to make sure you’re keeping that obsolete data safe and secure.
While it might seem tedious or expensive, you’ll be saving a lot if you prevent a data breach. According to IBM, the average 2016 data breach cost the impacted company around $4 million.[iv]
That alone seems worth taking the time to ensure your data is safe and secure. If you’ve got questions on data security or need held destroying obsolete data you identify as not needed, just click the button above to have a free conversation about your needs and learn more about Securis can help safeguard your brand.