Data has the power to transform organizations but managing and securing data presents many challenges for organizations. A data breach can have several consequences for an organization, such as regulatory fines and reputational damage. With the threat of a data breach always present, safeguarding data has never been more important. According to research by Netwrix, 74% of organizations named data security as their top IT priority for 2020. Failing to properly secure your data can have several consequences including financial damage, reputational loss and compliance fines. Here are 3 challenges to data security and how your organization can handle them.
1. Data is growing quickly
Data is growing fast and with the rise of IoT devices, large quantities of data are being generated daily. Organizations cannot keep up and lack visibility on what kind of data is being stored, where it resides and who has access. If organizations aren’t able to keep track of their data, how can they secure it? According to research from Palo Alto Networks, 43% of cloud databases are not encrypted. As a result, unsecured databases continue to leak millions of records.
Organizations must keep track of their data environment and ensure their data is properly stored and encrypted. Creating a data strategy will help your organization improve how you store, access, use and manage data. This will ensure that your organization can access data when needed and ensure it’s being used efficiently.
2. Stale data and user accounts
Data needs are always changing and keeping outdated or stale data leads to an increase in the attack surface. Stale data refers to data that an organization no longer needs for its daily operations. Hanging onto stale data not only takes up storage space but can also put your organization at risk if this data contains personally identifiable information (PII). PII is subject to compliance regulations like PIPEDA and GDPR. If this stale data is involved in a data breach, your organization will be subject to potential compliance fees.
Old user accounts belonging to former employees can also pose a similar security challenge. If these accounts are not deactivated when an employee leaves, anyone with their user credentials can use their account to become an insider threat. Organizations must properly dispose of stale data and deactivate old user accounts.
3. User privileges
Research from GetApp found that 48 per cent of employees have access to more company data than needed to perform their job. This is worrying because the more users that have access to important data, the greater chance the data can be modified or accidentally deleted. This can lead to insider threats, users inside the network who can steal the data. Furthermore, if hackers gain access to a highly privileged account, they will be able to access important data and potentially make permissions changes of their own.
Using the principle of least privilege will help organizations manage how they control user access. Under the principle of least privilege, access to resources is restricted to only those needed for their roles. If users need access to important documents, they should only be given permission for the duration needed. As soon as they no longer need access, their privileges should be revoked.