Data is defined as facts or figures, or information that’s stored in or used by a computer and Data security includes identifying, evaluating and reducing risks related to the protection of that data. Security of data can involve a wide set of protective measures against both accidental and intentional unauthorised access, use and modification that can lead to corruption or loss or worse still, theft.
Why is data security important?
The need to prioritise information security comes from the risks that businesses are facing. Financial losses, legal issues, reputational damage and disruption of operations are among the most devastative consequences of a data breach for an organisation.
For example, the average cost of a data breach in 2019 was calculated at £3.92 million and involved an average 25,575 accounts. Breaches can be therefore, costly events and can result in multimillion-pound class action lawsuits and victim settlement funds. If companies need a reason to invest in data security, they need only consider the value placed on personal data by the courts!
To make matters worse, any breaches in security must be disclosed to customers so the lessons from these breaches are numerous, including the need to do the following:
• review credential requirements and policies;
• keep track of what data is retained and where it is stored;
• check for cloud misconfigurations regularly; and
• force password resets if a breach is suspected.
At 101 Data Solutions in Bristol, we know the importance of data security to businesses. We understand that aligning correct technologies is crucial to success and we specialise in helping clients understand data: what it is, where it resides, how to protect and store it.
The foundation of data security is a strong understanding of the location of the stored data. Companies often have vast amounts of it and the risks of a data breach rise significantly when companies don’t know where critical and regulated data is being stored — on desktops, servers and mobile devices or in the cloud. This is a huge risk because it makes detection of privilege abuse or unauthorised users accessing sensitive data almost impossible until it causes real damage.
While data can be lost or damaged due to natural disasters, the greatest threat is actually human beings. There are many examples that spring to mind from Adobe in 2013 where hackers stole 3million encrypted customer credit card records to eBay in 2014 whose entire list of 145million users and their details were illegally accessed by a hacker. Even Government Minsters have left laptops on public transport!
For years, companies have trusted their internal users and focused on defending against those accessing the network from the outside and indeed, the latest research shows that most companies continue considering hacker attacks to be the most dangerous threat.
However, there is evidence showing that it’s actually insiders who cause the overwhelming majority of security incidents. For example, hackers, who can install malware when users mishandle phishing emails by clicking links in those pesky, junk emails. Similarly, third parties can unintentionally leave interconnected systems open to attacks, or take advantage of excessive permissions and overexposed data.
Malicious intended employees might steal data with a goal of setting up a competing business, selling the information on the black market, taking revenge on the employer and so on.
Data security encompasses a wide range of challenges so minimising the risk of data breaches requires understanding and investment.