Where is data stored, and what is a data breach?
It wasn’t so long ago that company data storage consisted of some filing cabinets and an archive room. While physical records still exist, today’s data storage is both more diverse and more nebulous. Files often need to be accessible from multiple locations by multiple people, and backed up somewhere safe – all of which introduces numerous types of data storage.
Knowing where and how your data is stored can be difficult, but it’s also vital to get a handle on. Without having a clear picture of where data is, you can’t protect it effectively – and you could be in breach of data regulations such as GDPR. Here’s a rundown of all the ways in which data is commonly stored, and why a data breach is something to worry about.
Where is data stored?
Within an organisation, there are a number of ways in which your data is likely be stored. However, it may not always be clear which data resides where. The expansion of digital services and communication tools mean that files are constantly being shared across locations and uploaded to different platforms, creating a lengthy digital paper trail.
Here are the most common methods of data storage:
- Storing Data Locally. This refers to storing data on the device you are using. The most common example of this would be on the internal drive of your computer or phone. Removable media such as USBs sticks or DVDs also constitute local storage.
- Storing Data Centrally. This means storing data in a central location where it can be accessed from multiple places, such as a shared drive or storage device on a company network.
- Cloud Storage. This involves data being stored in a data centre which you connect to over the internet. Services such as Dropbox, iCloud, OneDrive and Google Drive are some of the most well-known examples of this storage method.
Why is it important to know where data is stored?
Knowing where your data is stored is useful for a number of reasons. The first is simple organisation: it’s good to know where all of your files are in case you need to access them. This could be records or plans you need to return to, old projects you intend to revive, or sensitive documents that need to be safeguarded. Ensuring your documents are organised saves time when you need to access them, and also prevents issues with different versions of files being scattered across different storage mediums.
There are also data protection considerations, particularly when it comes to customer and client data. GDPR (as implemented in the UK Data Protection Act) enshrined a number of data protection requirements for businesses, including the need to review the necessity of retaining data, deletion after a period of time, and the ability for customers to access and request the deletion of their data. All of this requires a detailed understanding of where that data exists, and how to modify or remove it.
This is complicated by the fact that many services where your data may be stored (particularly cloud storage or similar software environments) will not be based in the UK, or whichever region governs your local data protection laws. This means gaining assurances from the company in question that they are GDPR compliant; and if they are not, addressing this by enacting your own protections, or finding an alternative storage solution.
It’s also important to know where your data is in order to protect it from bad actors. Hackers and other cybercriminals will often try to steal sensitive information through a variety of methods, including phishing emails, malware, and finding personal details online that can be used to access accounts. Knowing where all of your datas is will allow you to secure the accounts that have access to it, or move it somewhere where it will be better protected.
What is a data breach?
A data breach is the unintended exposure of confidential information.
These incidents can be either intentional and accidental, ranging from targeted attacks launched by cyber criminals to the negligent handling of devices or paper-based records. Data breaches aren’t always done with the goal of stealing valuable or sensitive information (they can be speculative), but they all pose a risk of data loss and potential legal penalties.
Here are the most common causes of a data breach:
- Exploitation of security vulnerabilities. If your apps and devices are not updated to the latest available versions, this can provide hackers with a free pass to exploit security vulnerabilities found in old versions. Such exploits can use software as a ‘backdoor’ into your systems, allowing them to gain access to files and networks.
- Human error. Behaviours such as using weak passwords, sharing passwords with colleagues, sending sensitive information to the wrong recipient, and interacting with phishing scams are all examples of human error. Passwords should be complex phrases or use multiple symbols and numbers, while other errors often come down to paying close attention, and not becoming lackadaisical about email security.
- Malware. If a device becomes infected, there are a number of ways in which data could be lost or stolen. Keyloggers could monitor users’ keystrokes to steal their login credentials, or ransomware could encrypt valuable data until a fee is paid.
- Insider abuse. In rare cases, trusted staff members could sell off personal data for financial gain. A more common example may be former employees who still have access to company files, and leak or delete them as a form of revenge.
- Physical theft of devices. If physical devices such as laptops or mobile phones are not password-protected, stealing them may give criminals unlimited access to a company’s private network, as well as local data and login details for apps or software.
After reading this information, we hope you have a better understanding of where data is stored, and the dangers of a data breach. To discuss our data storage, data protection and cybersecurity services, or for any more information, please don’t hesitate to contact us.