Just about every business works with masses of data every day, much of which is used and then filed away and forgotten. Gartner calls this forgotten data “dark data,” and defines it as “information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes.”
Forgotten data poses a serious security risk. In fact, Verizon’s 2008 Data Breach Investigations Report found that 66 percent of breaches involved forgotten data—data that companies do not even know is in their system.
Forgotten data includes all sorts of information that hackers can potentially find on the deep web, including old reports and sales presentations, archived emails, outdated customer information, network log files, and metadata. Forgotten data also includes information that your company may store without realizing it, not only on PCs and thumb drives but also on devices such as:
Take the 2012 Affinity Health Plan breach, for instance, in which the hard drives on several leased photocopiers contained confidential health information for more than 344,000 patients.
Affinity failed to delete the forgotten data on the hard drives before returning the copiers to the leasing company. The result? Affinity was fined over $1.2 million by the U.S. Department of Health and Human Services (HHS).
Five Steps to Protect Your Business
What can companies do to protect themselves? Here are five steps you can get started on right now:
If a data breach occurs, saying that your company did not know the data existed will not be an acceptable defense. That’s why it is critical to take those five steps now to find, protect, or dispose of all your data—including data that’s been long forgotten.
Mahmood Sher-Jan is EVP and General Manager, RADAR Product Unit, at ID Experts. He brings over 25 years of experience in developing risk and fraud management, security, compliance, and data breach solutions.
Originally posted on ID Experts blog. Reposted with permission.