Is Your Data Dirty? Data Hygiene Best Practices for Financial Services
The most vital asset a business controls is its information. As the driver of many business processes, data is a powerful tool, and therefore has to be secure, accurate and accounted for. When this sensitive information gets into the wrong hands, it can cause serious damage to a firm’s business operations and reputation.
Types of dirty data
Forgotten data poses a critical security risk to financial firms. This type of data includes old reports, archived emails, outdated customer information and information stored on devices you may not realize hold data (e.g. flash drives, scanners, printers, and video conference equipment). Verizon’s 2008 Data Breach Investigations Report found that 66 percent of breaches involved forgotten data that companies were unaware was in their systems.
Duplicate data, similar to forgotten data, is a danger to firms because they sometimes do not know that copies exist. Backup files can be misplaced and left behind, leaving hackers with additional access points into your network.
Outdated or incomplete data is information that employees hold on to. Whether it is old client contact information, employee information or corporate presentations, data that is not current, and hence not needed in your environment, adds another access point into your systems.
The risks of dirty data
The threat is clear: having dirty data in your environment can make your firm vulnerable to attacks. And not fully understanding the data your company possesses can lead to challenging circumstances if information is corrupted or stolen. If a data breach occurs, not having known that the data existed is neither an acceptable excuse nor a remedy for the problem.
When it comes to data, the more you have, the more vulnerable you are.
Protecting your data
To best protect your data and maintain proper hygiene practices, you first have to be able to identify all data within your systems. If you don’t know what’s there, you can’t protect it. Remember to consider all data levels – customers, users, internal databases, third parties, subscription services and web lists. Once you have identified the data within your network, we suggest adhering to these best practices:
Keep up with patches to protect against software bugs and vulnerabilities that can lead to data compromise
Encrypt your data to ensure that if files get into the hands of hackers, they are more difficult to access
Control and monitor file access so that employees only have access to the files they need for their everyday workloads
Verify with third-party vendors that they have security protections in place to prevent hackers from gaining access to your network through their networks/systems
Evaluate your data retention policy for compliance
Add forgotten data to your risk assessment process as a reminder to review your data policies
Ensure proper disposal of data for both electronic and hard copy documentation
Practice good data hygiene by detecting, correcting and removing data that no longer has value on a regular basis