The growing amount of big data collected and stored by Australian organisations is making them an attractive target for local and international cybercriminals.
Never before has so much information been so readily available to organisations. Those that have worked out how to aggregate and analyse that data effectively are reaping benefits such as better, faster decision-making, improved understanding of customer behaviour, and the ability to predict some future events. However, it seems most organisations haven’t yet realised or addressed the security challenges posed by big data.
The more data an organisation possesses, the more likely it is that they’ll be a target for attack. This is especially true if they collect and store sensitive information such as credit card details, mailing addresses, passwords and so on; cybercriminals can gain big financial rewards once they have their hands on this data.
Organisations that suffer a breach can face financial penalties as well as reputational damage. Once customers and partners have lost faith in a business’s ability to keep their data safe, they are unlikely to continue doing business with that organisation.
Data is both friend and foe; it can help organisations be more effective but it can also make them a target. Too many organisations are holding onto massive amounts of data that they don’t need anymore. When the analysis project is done, businesses should look to dispose of the information safely. However, for many organisations there’s almost a fear of missing out if they delete the data.
We have identified six key considerations for organisations looking to protect their big data and, with it, their brand’s reputation:
1. Decide what data really needs to be collected
Some businesses collect data for its own sake rather than for a specific analysis purpose. This is dangerous, as it leads to overwhelming amounts of data that are hard to protect. Businesses should limit data collection to the information required for specific purposes. This is also a requirement of the Australian Privacy Act.
2. Understand the value of data
Many organisations don’t even know what data they possess, nor do they know its value. This value increases the more data is connected. Until the value is known, organisations can’t make informed decisions on what to do with big data and how to protect it.
3. Classify data so it can be found
Data is constantly in motion. Classifying it makes it easier to find and, therefore, protect.
4. Employ a mature data infrastructure team
Managing data appropriately is essential to minimising the risk. This means storing or managing the storage of data in a way it can defend itself, or being able to de-personalising information where possible and deleting it where appropriate.
5. Know where the data lives
For some organisations, data lives in a mixture of on-premise and cloud-based repositories and is regularly transmitted for analysis purposes. It’s important to know where data lives and how those locations may affect its safety. For example, data stored in offshore datacentres may not be subject to the same privacy laws as data held in Australia.
6. Educate staff regarding data policies
Staff members are often the weakest link in data protection, albeit often unwittingly. Educating staff regarding data collection, storage, and analysis policies and procedures reduces the chances they will inadvertently cause a breach.
Businesses shouldn’t be afraid to leverage big data. However, they should protect themselves and their customers and stakeholders by putting strong security measures in place. This includes security technology as well as processes and policies designed to keep information safe, both at rest and in transit.
Alex Morkos, Director, Aleron