All data breaches have one thing in common: someone gets away with data they should not have. Data can’t be stolen if it’s not there. Retain what data you must by law and to deal with short-term business needs, store what you need long-term off-line, and delete everything else. A breach at some point in time may be inevitable, but the impact is lessened if you don’t put any more data at risk than you absolutely need to.
The first computer you owned was probably pretty pathetic when compared to the systems you’re using today. I remember the first time I bought a 100 megabyte hard drive, and how much it cost (a lot). Today a PC that doesn’t come with a hard drive that will hold several hundred gigabytes is pretty rare, and buying one aftermarket costs less than what you spend on a week’s worth of fancy coffee drinks. Today we think nothing of clicking and saving files, web pages, whole movies, and catalogs of music because storage is so cheap and reliable. But all that data can also be a liability.
As an individual or business owner you are obliged to keep certain types of data for a given period of time, like tax filings, financial records, and so forth. There is also data that makes it easy to do your job, like customer information, billing information, and so on. But at some point, the convenience of having all the data at your fingertips is overcome by the risk associated with having that much and that diverse a set of data lying around. You’ve heard about the data breaches at Equifax, Target, Home Depot, Marriott, and so many others. You may have been impacted by one of them and had to have your credit or debit card replaced, but malicious outsiders are not the only problem you face. What would be the impact to your business if a disgruntled employee decided to get back at you by leaking that data? What happens when clumsy Katie accidentally corrupts the customer database?
The data you absolutely must retain should be archived under the backup scheme you put in place following the guidance in the chapter on backups. Get rid of everything else, or at least keep it off-line for retrieval if you think you’ll need it. Just because you can store it live and online doesn’t mean you should, especially if it could be used against you or your customers if compromised.