Customer Data – A New Cybersecurity Focus

The issues surrounding cybersecurity have been a constantly reiterated theme. This included discussions of ransomware, of maintaining your business continuity, and of managing to navigate Disaster Recovery processes. However, there is a new cybersecurity focus for some industries that has not seen as much attention yet – protection of customer data.

Customer data is a major and growing concern across industries; it is one of the things that has prompted greater government regulation, which we spoke of last week; protection of personal information from misuse is an issue that resonates with an increasing slice of the population.

Besides government regulation looking at misuse of customer data, which is a topic all of its own, there is the reality that increasingly, personal data is a valuable commodity for criminals to steal and use – either as a saleable good in its own right, or as something that can be exploited for further criminal activity.

As such, safeguarding data in a secured system is likely to become an ever increasing focus, especially for sectors such as the financial world or the medical sphere where confidential data is a large part of standard operations.

Increasing volumes of customer data

Customer data volumes continue to soar as the world digitizes and industries continue to migrate legacy systems into current electronic form, and the existing electronic records onto the Cloud. As soon as 2021, some voices have raised concerns that this could lead to security gaps. The benefits of Cloud services, however, have been alluring enough that companies continue to migrate their data on mass regardless.

This is further added to by the proliferation of new AI tools, which encourage continued growth of data generation rates. For example, in the financial sector, HR Block (one of the major players in the USA self-reporting tax world) has heavily leaned into OpenAI partnership this year to improve their customer experience. This is likely to have a positive impact on the user experience, but adds more layers of complexity to an already complex system – and potentially, new vulnerabilities to exploit.

Customer data and criminals – a commodity and a vulnerability

Cybercrime is and remains one of the most dangerous risks for organizations in the digital world. More than 60% of the 1,000 largest companies in the US have experienced a public data breach, and it is estimated that, on an annual basis, one in four of those companies will experience a corporate breach. Globally, in 2021, over half of organizations in every country surveyed suffered a ransomware attack.

Increasingly, a target for data leaks and breaches may not be company data as such, but specifically confidential customer information. This customer information has been commodified, being a valuable item to sell on to other criminals or to hold for ransom.

Among the end uses of personal information, identity theft remains one of the highest and most worrying; recently, complex and well executed deepfakes have been used for spearphishing, demonstrating the viability of creating a picture of organizations and individuals which is complex enough to fool coworkers.

Safeguarding information requires preparation

The need to keep customer data safe places increased stress on organizations, which find themselves on the horns of a dilemma. As has already been expressed on this blog in previous articles, the process of disaster recovery is a key aspect of preparation and of ensuring that breaches do not unduly cripple your organization.

However, disaster recovery is an after-the-fact approach to mitigating damage, when safeguarding customer data is focused far more on prevention. Once a breach has occurred, it has to be expected that any data stored in compromised systems has effectively been leaked. As such, the steps needed to help prevent this are more complex and stringent than otherwise:

No unnecessary data stored

As noted in the Apple whitepaper linked above, one of the keys to prevention in this area is reducing the amount of data that can be affected by a potential breach. This means adhering to best practices regarding automated data retention, removing any data that is no longer required for business continuity or regulatory compliance. Of course, this also means having data management and storage systems in place that can perform this retention and removal!

Airgapped systems

Having data management systems and storage systems airgapped from your day-to-day operation is another key aspect of preventing breaches – or rather, of isolating breaches so they do not compromise all data and assets. By separating data storage, data management, archives and backups from the live systems most likely to be compromised, you lessen the likelihood the data stored on these will leak.

Education and know-how

The final aspect of preventing data leaks and breaches is going to be, as always, education for employees. Recognizing increasingly complex attempts at spearphishing and social engineering goes a long way – the vast majority of large company cyberattack reports still find the root cause was a phishing attempt that was recklessly clicked by an unsuspecting employee, providing initial access to company systems. Teaching the lessons early and well helps prevent the issue arise.

Protect your business with contentACCESS

As mentioned above, one of the key aspects of helping prevent customer data leaks is going to be the capability of smoothly managing the customer data you already have. You need systems that can easily assign coherent and complex data retention policies, manage data storage and deletion, and remain in compliance both with best practices and with government mandates. And, to top it all off, ideally a system that achieves all of the above in a single package to prevent redundancy and excessive costs. Fortunately, this couldn’t be easier.

TECH-ARROW’s contentACCESS Archive is an optimal solution for covering this use case. Our archive supports all retention and deletion policies and needs, allowing you to set comprehensive policies for all your data storage. At the same time, we can help guarantee compliance with GDPR and all other major regulations, help you establish disaster response and recovery, and boost productivity – all in one package.

In addition to meeting retention and data handling needs, our contentACCESS Archive’s flexible and comprehensive full-text search makes identification and retrieval of required information simple. The same search is accessible through any of our entry systems – our online web portal, our Outlook integration, and our mobile app. Thanks to this, we can help your company take your employee productivity and efficiency to greater heights, without compromising on security.

Do you want to learn more about contentACCESS and what it can do for your company? TECH-ARROW is here to help! Contact us and schedule a free meeting with our team of specialists to discuss how we can best set your business up for success.

 

Take the best steps to protect your data – with TECH-ARROW.

Archive all your O365 data with contentACCESS

by Matúš Koronthály