10 Oct 5 Way Companies Create Data Security Risks
Winston Churchill once said, “The price of greatness is responsibility.” In today’s world where technology and trends change at an astronomical rate, data collection is number one tool used to assess how much “greatness” a business has versus their competitors; it also creates a security risk. Just as it can help a business to gain a competitive advantage, if not handled carefully, it can also cause empires to fall. According to IBM, 11 terabytes of data records have been breached in just the last 3 years and 75 percent of consumers won’t buy from companies they don’t trust.
Here are 5 common ways businesses increase their data security risks.
- Collecting excessive, unnecessary data or duplicating data. By collecting more data than is required, a company or organization is not only wasting resources, but they are creating a problem known as “Identity Obesity.” Identity Obesity is when a company, or an individual, collects and retains or shares excessive and unnecessary data. This collection or duplication of data creates a risk of data being shared unnecessarily or creates the greater possibility for data to be mishandled. It is important to constantly assess if the data being collected or duplicated is worth the cost and effort to maintain and store securely.
- Flawed Business Processes. Business processes with little no training involvement, gaps and an exorbitant number of exceptions can create unnecessary data risks and increase the potential for employee negligence. Constant assessment of current practices and training on policies and procedures, along with an understanding of consequences can reduce your level or risk.
- Data hoarding. By retaining data longer than required by law can not only increase a company or organizations risk of a breach, it can cost the company more that it’s worth in fines, legal fees, and reputation. With that being said, the improper disposal of data can do the same.
- Company Oversharing. Sometimes it is necessary for companies to share data collect for operational purposes such as education, analysis, improvement and expansion. However, companies may unnecessarily share too much data with employees, contractors or third-party entities that increase a company or organization’s risk exposure.
- Employee mobility and lack of cloud support. Today we leave in an age where BYOD (Bring Your Own Device) is common. This means that a company or organization’s data is not only mobile, but should that employee ever leave, access to that data may have left too. This also means that more confidential and secure information is being stored on personal, less secure platforms and therefore increasing the risk of sensitive information falling into the wrong hands. By providing employees with devices that can be monitored and controlled by a company or organization’s IT department, you are reducing your risk of potential unintentional ethical issues.
As a company, being vigilant and aware of how your data is collected, shared, disposed of, and maintained allows for a more secure infrastructure and reduces your risk of data becoming compromised.