The scariest stories are always rooted in facts. A tale about a monster in the local woods may seem laughable, but it can make your skin crawl if you’ve read about a string of strange disappearances in the area. Ghosts can seem like characters better suited for movies, until you hear people recounting firsthand experiences with seemingly supernatural forces. Any story is just a story until it gets a reality check.
In the IT and security world, scary stories come true when data breaches occur. Imagine the most private, sensitive elements saved on your company’s servers and virtual infrastructure. If that information were targeted in a hack or stolen from your data center, it wouldn’t just be your company affected. Beyond the legal ramifications and expense of data exposure, a security breach can put sensitive data belonging to your clients, employees and partners in the wrong hands – leading to issues with online fraud, identity theft and more.
As Halloween, the scariest time of year, approaches, your IT system might be in need of a dose of reality. In this slideshow, Perry Dickau, director of product management at DataGravity, has identified seven nightmare-inducing examples of private data that can be maliciously exposed to the public. What risks could be hiding in your dark data? And are you ready to take the steps to find out?
Perry Dickau is the director of product management at DataGravity. He is responsible for providing guidance on product direction and development, technologies, standards, best practices and industry trends for data governance, risk management and compliance. Perry brings more than 20 years of experience in product management to the DataGravity team, and previously served as a product manager at AvePoint and other technology leaders.
Private Data at Risk
Click through for seven examples of private data that can be maliciously exposed in a data breach, as identified by DataGravity.
Employees’ Personal Information
Personally identifiable information (PII) can account for a range of data, such as phone numbers, addresses, Social Security numbers and insurance details. Every company maintains these records about employees, and if that information is stored in a location vulnerable to a security breach, the company isn’t fully doing its part to protect its team. If you don’t know exactly what information you’re storing and where it’s located, you won’t be able to defend your private data from risks.
Product Roadmaps and Intellectual Property
In the weeks and days leading up to a major news announcement, there will likely be a mixture of excitement, anticipation and anxiety in your office. Your team has come together and worked hard to get its latest version out the door, and it can’t wait to deliver the finished product to customers. If your intellectual property (IP) is made available to the public, the payoff from that teamwork is at risk. Worse, if your competitors get hold of your company’s “secret sauce,” you could lose your competitive advantage, which would be devastating to your business.
Confidential Employee Records
Companies store a significant amount of data about their employees: salary information, health records and family details, to name just a few. Most companies also conduct performance reviews at least once per year to update employees on their progress, analyze specific incidents and behaviors, and help individuals define and pursue goals for professional growth. How would your employees feel if that personal information became available to anyone who happened to search for it online? More importantly, what effect would it have on their careers and your company’s reputation?
A Patient’s Medical History
There’s a reason why medical organizations comply with industry regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), and it’s not just because they’ll face legal pressure if they don’t follow regulations. A breach that targets medical records could put patients’ private information in the wrong hands, and that could be hazardous to the health, well-being and safety of the facility’s community.
At the beginning of a new semester or term, students anticipate their class schedules, which will help plan their days in the near future. Meanwhile, the colleges and universities that generate those schedules are storing their students’ education records, academic reports, transcripts and family contact information, all while complying with industry regulations, such as the Family Educational Rights and Privacy Act (FERPA). Don’t make the mistake of overlooking private data just because it doesn’t include credit card numbers or other PII.
Future Company Strategies
Maybe you’re considering an acquisition offer, or perhaps your company is preparing to go public. Or, maybe you’re planning for a corporate merger or acquisition, and you’ve been consulting information about revenues, roadmaps, and profits and losses in order to make the decision. If this information were exposed, your customers – and your prospective partner or parent company – are unlikely to appreciate the experience, and the event could quite possibly stop your ambitious planning in its tracks.
E-Discovery and Legal-Hold Information
Law firms often deal with highly sensitive situations, and their case files and e-discovery information need to be kept secure. Protecting the integrity of those files and the handling process to which they are subject are both key to upholding clients’ trust and maintaining the firm’s credibility. If a crucial piece of evidence in a case, or details from a litigation process, were lost, stolen, or otherwise inappropriately exposed or managed, the effects could range from a mistrial and waste of resources to an unsettling experience for all parties involved.