So it’s 2016 and data is still being stolen but is that the main issue? You may remember your grandparents saying years ago we used to leave the house doors unlocked and we never locked the car either. These days you can’t even leave a packet of crisps unattended so why do so many businesses leave something as valuable as their data unlocked?
[h2_heading]It’s 2016 and data is still being stolen[/h2_heading]
There are really 2 issues we need to address here. The first is that, believe it or not, your data is so valuable to bad actors they will do anything to steal it. Your data is not just a list of orders in your ecommerce system. It is trends that show what the market is purchasing. It shows what other users bought with those items and it can help predict what they will buy and when in the future. That is some very expensive market research and whilst bad actors most likely will not want it for that reason someone else might.
Another often overlooked piece of information that you are trusted with is your users usernames and passwords. Most of the time a username is an email address and as users are inherently lazy (sorry its the truth) they tend to reuse the same username AND password for every single service they have signed up to. This is not such a surprise as there are a multitude of different services users need to help them organise their personal and work lives. With so many it’s easier for them to just use the same combination on every site. Good for their memory bad for their security.
The second point that needs addressing in “it’s 2016 and data is still being stolen” is encryption. Having your data stolen is bad enough but not making it difficult for it to be sold on is almost a crime in itself. Nothing is 100% safe, nothing is 100% unhackable but encryption can at the very least stop data being sold on and at most make it so damn difficult to break (by taking so long to decrypt) that it is essentially useless. Have you ever bought a bike lock? Some offer £30,000 as compensation if thieves manage to break the chain. Now the company itself will know that the chain is not unbreakable but they realise that it will take so long to do or require very special equipment which you can not carry around easily in order to remove it. It is this preventative measure (the time needed to break in) that will force bad actors to find another easier target.
So whilst it’s 2016 and data is still being stolen, that is not the real issue. The issue is that this data is not encrypted and that is a massive problem for your company and your customers. It is your issue and it needs to be addressed by at least the IT department responsible for your business and most likely by the C level directors responsible for the company. Data loss may never be 100% preventable but it sure as hell does not need to be useable too.
So encrypt your backups and encrypt your data and for heavens sake do it now so I don’t have to write a 2017 article 🙂