As companies spend more money on cyber defense, they are often protecting vast amounts of data that is of little or no business use and some information which, if exposed, could be potentially embarrassing.
And if you are like most companies, you have a certain amount of “zombie data” – or information that you may not even realize you had, but that could be harmful if discovered and abused by an outside party.
One of the biggest challenges today is to keep intruders away from your most sensitive files, as well as from files that could be potentially embarrassing if they were leaked.
Worse, if your business is hacked, you will have to sift through troves of data, much of it information that’s never accessed, to find out what the hackers may have breached.
Think about all of the files you have that are of little value to your business: drafts of reports, duplicates, personal communications, and more. What’s important and what’s not? You’ll have to look through it all to find out if sensitive information was compromised.
This is why businesses should manage and cull their data regularly – or at least remove data not integral to their operations from their main database. That way, your business can reduce its “cyber perimeter” to reduce the infrastructure that you have to focus on securing and protecting.
A recent blog post by the law firm of Pillsbury Winthrop Shaw Pittman recommends taking the shears to your electronic data. It reasons that the less data you have to secure, the more you will be able to manage and protect the information that is the most important to your company.
Doing this will also make it easier to monitor who has accessed which data.
Trimming the amount of data you store reduces the chances of information being exposed that may not be high value or protected personal information, but communications that might be embarrassing to your company.
Think you don’t have that kind of content? Just think back to the Sony Pictures breach when its president’s e-mails criticizing certain movie stars were leaked and exposed to the public. What if you or one of your staff made flippant, derogatory comments about a customer in an e-mail? That could be there.
As to the issue of zombie data – the enormous amount of data most organizations keep that lacks both purpose and insight – this information, which usually originates from former employees, has no business value or valid reason to be retained but is still being preserved, backed up and maintained on corporate networks.
It’s zombie in that the user no longer exists, and the data is inactive.
Most zombie data comes from files and file shares which IT organizations routinely dump off of devices when employees leave companies.
Zombie data poses two problems. It takes up storage space, which costs money, and you would have to try to retrieve it if you are embroiled in a lawsuit and the opposing lawyer files for discovery.
So now zombie files would need to be queried, which is not an easy process like reading a directory, for the appropriate employee or user. The process is tedious and may turn up significantly more information than the company needs to review and potentially produce. In short, it’s expensive to do this.
To avoid this scenario, you may want to consider culling your records, but make sure you comply with your preservation obligations as well as applicable regulations and laws.
The brass tacks
Obviously the less harmful the information is that exists on your servers, the better off a company is.
One other benefit from trimming the amount of data you store is that it allows you to better focus your current cyber defense efforts on the information that matters most.
It may also free up some of your budget, which you could use to encrypt the data so that hackers might not able to use it, or on other techniques designed to make it more likely that hackers will gain access to wrong or useless information.