If your business stores customer, client and employee data, you’re probably familiar with data protection. But how do you know if the way that you’re collecting and storing data is secure? First, you’ve got to figure out where your vulnerabilities are.
What does data vulnerability mean?
Data vulnerability is the term used to describe the weaknesses or mistakes in acquiring, storing or deleting data which has the potential to compromise your business; either through lack of confidentiality, or accessibility. It’s about looking at who has access to data, how they have access to it and what impact that could have on data protection.
Essentially, when you’re thinking about data vulnerability, you’re looking critically at your systems, and the ways that data could be vulnerable to being lost, destroyed, or shared. This is really important for businesses, because these vulnerabilities increase the risk of a data breach.
A data breach can cost your company a lot of money from fines, recovery costs and security fixes. It can also result in customers and clients going elsewhere whilst your company recovers, and losing trust in your company when it’s back in business.
How do I find out where the vulnerabilities are?
To start identifying data vulnerabilities, you need to look at the life cycle of your data. Data and ethics researcher Dr Gemma Galdon-Clavell explains that the life cycle of data has five stages, and it’s at these stages where we can identify vulnerabilities, ‘there are five moments of vulnerability in every data that gets into your system: the moment of collection, the moment of storage, the moment of sharing, the moment of analysis, and the moment of deletion. In those five moments, things can go wrong.’
This is how you acquire your data. It’s likely that you’re acquiring data in a lot of different ways; through online enquiries, over the phone, through orders and accounts, or inputting it manually. Remember, data protection applies to personal data; names, addresses, phone numbers - anything that could personally identify an individual.
This is where you keep data once it has been collected. This doesn’t just mean the main place that you keep data, it’s everywhere that data is kept; which includes information sent over email, both in the attachments and the body of the email itself. Again, it’s likely that you’re storing data in a few different ways such as hard data (in paper files), on hard drives in devices such as computers and phones, and in the cloud.
The next stage in the life cycle of data is sharing. This is the way that data is sent and received by people within your organisation and outside of your organisation. That’s everyone who has access to data, including contractors. If data is accessible to a person or business, then you are sharing data with that person or business.
This is how data is analysed; when you’re running tests and hypotheses on data, and looking for patterns. This could be as simple as figuring out what email strategies work best, or who has clicked on a link on your website; but it’s important to know where your data is going during that process.
Deletion is the moment that data is removed from your systems, but this stage also includes the point at which data is retained without any reason. This is called stale data; data which you no longer use within your business but is still stored somewhere on your systems, which is very attractive to hackers.
What can I do to reduce data vulnerability?
Once you’ve looked at how you collect, store, share, analyse and delete data, you can use this information to identify data vulnerabilities.
Primarily, look at your systems as a whole. How do you feel about the process of collection? What about the way that you’re sharing data; does it feel necessary? How much data are you retaining, and for what purpose? Remember, all the data that you collect and store should be there for a reason; if there isn’t a reason, you shouldn’t be storing it.
Your data vulnerabilities will be unique to your business; however, here are a few tips and tricks to get you started.
Only collect data that is absolutely necessary
Ensure that your systems for data collection is secure
Revoke employees access to data when it is not required
Use two factor authentication
Implement a secure system for sharing data
Ensure data cannot be shared accidentally
Revoke third party access to data when it is no longer required
Analyse data that is relevant and necessary
Ensure data does not remain anywhere within your systems
Destroy data safely and securely
Is my data protected now?
Identifying data vulnerabilities in this way will help you to reduce the risk of data breaches. However, to understand exactly how secure your systems are, it’s worth bringing an IT support team on board.
Our IT support engineers can go through your pre-existing security, and identify any vulnerabilities. We can then suggest improvements and amendments, and implement these for you.
Worried about data vulnerabilities? Give us a call on 0191 482 044