Will wonders never cease?
Time and time again we hear the stories of companies that have been hacked, their corporate data dumped on the (dark) web for anyone with the motivation to go have a look. These breaches have revealed the personal information of tens of millions of people, leading to all types of opportunity for identity theft, spear phishing attacks, or worse.
Just think of the US Office of Personnel Management. The attack they experienced has been described as the largest theft of US government data in history, and is likely to have included highly confidential security clearance information. The amount of information required to obtain a security clearance is astounding. Can you imagine that level of detail floating around about you?
However, my thoughts on this are not about data security. There is a massive industry that works tirelessly to keep corporate and personal data safe, and they have some incredible technologies. But at the end of the day, those who are responsible for keeping these treasure troves of data safe need to be correct 100% of the time – 24 hours a day, 365 days a year. On the flip side, those who are conducting these attacks need only be correct once. One success and they obtain what they seek – information.
Either way, I am not a security specialist, and I will leave that to the experts. Instead, what if we consider a different angle, and assume that at some point in time we are absolutely going to experience a data theft? Would we think harder about what we retain, knowing that some outside entity will have access to it, and possibly share it with the world? Think of it this way: if we knew that someone was going to break into our house, would we not organize certain items? Perhaps move the more valuable assets elsewhere, or put them in a hidden safe? Maybe throw away some of our old files? Things like tax returns that include tremendous amounts of information about us, but are no longer necessary to keep. Maybe we would remove those embarrassing pictures from our childhood? My point is, why risk exposing old or obsolete information, especially if it could be made valuable in the wrong hands?
Organizations need to start taking this approach.
This made me think about the Panama Papers. The Panama Papers were the leaked files that detail financial and attorney/client information for more than 214,000 offshore entities. More than 4.8 million emails, 3 million database files, and 2.1 million PDFs from the Panamanian law firm Mossack Fonseca. Information that was collected over a 40-year period. Consider this…what if they had “cleaned up” the data that they no longer were obligated to keep?
The same can be said for countless other breaches, and the subsequent data dumps. In this increasingly regulated space, every personal record can have a financial implication for the organization that loses the data. Reputational damage, regulatory fines, and lawsuits – the costs are astounding. So why not help to mitigate some of this exposure by implementing a strategy that eliminates data that has lost relevance to a company? Why risk keeping data that no longer has business value? It costs a lot of money to retain and manage all this information. I know, I spent over a decade selling this infrastructure!
Another point to consider: if the data can’t be translated into revenue, why keep it? Redundant, Obsolete, and Trivial (ROT) data can make up a significant portion of what an organization manages. Isn’t it time that we start implementing strategies to keep us from hoarding everything – seemingly forever? Information Lifecycle Management (ILM), Data Governance, and understanding what our data consists of (Data Insight) are key to ensuring that we retain and protect only that information which has business value. Sure, it can be a little bit scary to press the delete button. But it can also be cathartic, knowing that it will result in the savings of real dollars through reduced IT administration and infrastructure. Not to mention, if we delete that ROT information, it will no longer be available to be stolen, and subsequently published for all to see. Let’s focus on keeping only the data that drives real business value. Quite honestly, the rest probably offers no business value, and deleting it can spare a lot of heartache that would follow if that information fell into the wrong hands. Not to mention how the individuals that are victimized will be impacted.
Why not make this your company’s New Year’s Resolution?