No matter what data a company produces, managing it through its entire lifecycle is vital to ensure security and compliance. Whilst the default reaction is to keep data “just in case”, the simple truth is that most corporate data outlives its use very quickly. Once data is no longer deemed valuable, it becomes a liability, one that could expose an organisation to extreme risks.
Whether it’s customer, employee or corporate data, the more data an organisation manages, the more risk it carries. The last few years have seen a substantial increase in cyber-attacks whose main purpose is to steal corporate data and set a ransom for its “safe” return. In fact, a report by McAfee states that in the first quarter of 2019, ransomware attacks grew by 118%.
Organisations should consider not only the risks of data exposure but also the cost of protecting the data in the first place. The more data you have on servers, backup tapes, and mobile devices, the more investment you need to make to ensure it’s secure. Cybersecurity needs to be a top priority for businesses of any size to protect themselves against the ever-evolving threat network. According to ISACA’s State of Enterprise Risk Management 2020 study, 53% of respondents stated that they had seen increased risk to their organisation over the last 12 months. Additionally, 29% claimed cybersecurity is the most critical risk category facing enterprises today, and 33% believe that information/cybersecurity risk will be the most crucial category of risk facing their organisation in the next 18-24 months.
An organisation should be wary of more than the cost of cybersecurity and the potential risk of data breaches. There are also less measurable elements to consider. These include the cost of procuring and maintaining data storage and backup equipment; the cost of preserving personnel, processes and software to manage data storage, backup and archiving; and the time and resources of workers who have to sift through unnecessary data to find relevant information.
To effectively mitigate the risk of data exposure and avoid the costs of storing and handling unnecessary information, an organisation should implement an end-to-end process for managing its information from creation to disposal. A data lifecycle management programme can benefit an organisation by reducing risk, improving service and saving on costs. Typically, the data lifecycle includes six phases:
● Create – Data creation occurs throughout organisations. It can take place on-premise either in your data centre or on employees’ devices or externally in the cloud. Protecting your data during this phase will include access controls such as passwords, threat scanning for viruses, and data classification that will specify the data type, its location, how it should be protected, and who has access to it.
● Store – Once data has been created, it is typically stored on a computer hard drive or in a datacentre. Storage also involves near-term backups that must also remain protected. Storage protections include access control around who can read and overwrite the data, device control such as data encryption, backups to protect from data loss, plus security measures to protect the backups themselves.
● Use – During the ‘use’ phase, data is accessed, viewed or processed. Protections during data usage include access control, encryption, data rights management for copyrighted information and data loss prevention, which involves software and business rules to prevent unauthorised access to sensitive information.
● Share – Data is often shared amongst internal employees and with corporate partners outside of the organisation. Data sharing can occur through the network, via removable media, or across the internet via transfer sites or email. Data sharing safeguards involve access control, encryption, network security (firewalls/intrusion detection) and data loss prevention. When organisations are dealing with third-party vendors, they should have clear measures in place for data removal and verification after services have ceased.
● Archive – For short-term data protection, all data must be backed up regularly, either onsite or offsite. When an organisation needs to retain data for the long term, it can be archived to tape or disk media and placed in remote, secure locations.
● Destroy – When an organisation’s data reaches the end of its life, it must be permanently erased. Determining which data is erased, how it’s erased and how that erasure is verified depends on several factors, such as content type, usage needs and regulatory requirements.
Without a data lifecycle strategy in place, an organisation is leaving itself exposed to serious security risks and costs. Today, ineffectively safeguarding data comes at too high a price. Data breaches, damaged reputation, lost customers, downtime, and large fines are all potential risks for an organisation that doesn’t effectively manage its data’s lifecycle. Those organisations that take the time to invest the necessary efforts and resources in data lifecycle management can minimise the risks and costs of their business-critical data at all stages. Make sure you are one of them.
https://www.ontrack.com/en-gb/