Insights  |  Where is data stored, and what is a data breach?

Where is data stored, and what is a data breach?

It wasn’t so long ago that company data storage consisted of some filing cabinets and an archive room. While physical records still exist, today’s data storage is both more diverse and more nebulous. Files often need to be accessible from multiple locations by multiple people, and backed up somewhere safe – all of which introduces numerous types of data storage.

Knowing where and how your data is stored can be difficult, but it’s also vital to get a handle on. Without having a clear picture of where data is, you can’t protect it effectively – and you could be in breach of data regulations such as GDPR. Here’s a rundown of all the ways in which data is commonly stored, and why a data breach is something to worry about.

 

Where is data stored?

Within an organisation, there are a number of ways in which your data is likely be stored. However, it may not always be clear which data resides where. The expansion of digital services and communication tools mean that files are constantly being shared across locations and uploaded to different platforms, creating a lengthy digital paper trail.

 

The most common methods of data storage

If you largely live on your phone, you may not be conscious of the wealth of ways in which we store data. As well as the data on your device, there’s also the cloud to consider, as well as more legacy formats such as USB drives and external hard drives.

Here are the most common methods of data storage for organisations:

Local data storage

This refers to storing data on the device you are using. The most common example of this would be on the internal drive of your computer or phone. Removable media such as USBs sticks or DVDs also constitute local storage.

Central data storage

This means storing data in a central location where it can be accessed from multiple places, such as a shared drive or storage device on a company network.

Cloud storage

This involves data being stored in a data centre which you connect to over the internet. Services such as Dropbox, iCloud, OneDrive and Google Drive are some of the most well-known examples of this storage method.

Applications and social media

You may share and store information via social media applications (e.g. uploading photos to Facebook). In this case, it is important that you have read the company’s Privacy Policy so that you understand what data you’ve agreed to share, and where it is being stored.

 

Why is it important to know where data is stored?

Knowing where your data is stored is useful for a number of reasons. The first is simple organisation: it’s good to know where all of your files are in case you need to access them.

This could be records or plans you need to return to, old projects you intend to revive, or sensitive documents that need to be safeguarded. Ensuring your documents are organised saves time when you need to access them, and also prevents issues with different versions of files being scattered across different storage mediums.

There are also data protection considerations, particularly when it comes to customer and client data. GDPR (as implemented in the UK Data Protection Act) enshrined a number of data protection requirements for businesses, including the need to review the necessity of retaining data, deletion after a period of time, and the ability for customers to access and request the deletion of their data. All of this requires a detailed understanding of where that data exists, and how to modify or remove it.

This is complicated by the fact that many services where your data may be stored (particularly cloud storage or similar software environments) will not be based in the UK, or whichever region governs your local data protection laws. This means gaining assurances from the company in question that they are GDPR compliant; and if they are not, addressing this by enacting your own protections, or finding an alternative storage solution.

It’s also important to know where your data is in order to protect it from bad actors. Hackers and other cybercriminals will often try to steal sensitive information through a variety of methods, including phishing emails, malware, and finding personal details online that can be used to access accounts, something that’s gotten even easier with the advent of AI. Knowing where all of your datas is will allow you to secure the accounts that have access to it, or move it somewhere where it will be better protected.

 

What is a data breach?

A data breach is the unintended exposure of confidential information. These incidents can be either intentional and accidental, ranging from targeted attacks launched by cyber criminals to the negligent handling of devices or paper-based records.

Data breaches aren’t always done with the goal of stealing valuable or sensitive information (they can be speculative), but they all pose a risk of data loss, and potential legal penalties for the party accessing the data.

 

The most common causes of a data breach

We often think of cybersecurity purely in terms of viruses and other forms of malware. Yet when it comes to data breaches, there are a variety of access points which cybercriminals target, and numerous ways of gaining the information they are looking for. The key causes of data breaches are:

Exploitation of security vulnerabilities

If your apps and devices are not updated to the latest available versions, this can provide hackers with a free pass to exploit security vulnerabilities found in old versions. Such exploits can use software as a ‘backdoor’ into your systems, allowing them to gain access to files and networks.

Human error

Behaviours such as using weak passwords, sharing passwords with colleagues, sending sensitive information to the wrong recipient, and interacting with phishing scams are all examples of human error. Passwords should be complex phrases or use multiple symbols and numbers, while other errors often come down to paying close attention, and not becoming lackadaisical about email security.

Malware

If a device becomes infected, there are a number of ways in which data could be lost or stolen. Keyloggers could monitor users’ keystrokes to steal their login credentials, or ransomware could encrypt valuable data until a fee is paid.

Insider abuse

In rare cases, trusted staff members could sell off personal data for financial gain. A more common example may be former employees who still have access to company files, and leak or delete them as a form of revenge.

Physical theft of devices

If physical devices such as laptops or mobile phones are not password-protected, stealing them may give criminals unlimited access to a company’s private network, as well as local data and login details for apps or software.

After reading this information, we hope you have a better understanding of where data is stored, and the dangers of a data breach.

To discuss our data storage, data protection and cybersecurity services, or for any more information, please don’t hesitate to contact us.

Contact us

+44(0)1795 413500

solutions@sota.co.uk

  • This field is for validation purposes and should be left unchanged.