Thanks to nearly limitless and increasingly more affordable data storage options, most individuals and firms are guilty of data hoarding.
Whether's its the belief that a 10-year-old e-mail may be helpful someday in resolving a dispute or the vague promise of "big data", many of us are guilty of holding on to data long after its best before date.
What's the harm with a little bit (or lot) of old data?
We often think of data in terms of bits and bytes, but with a certain kind of old data the consequences of its inadvertent or unauthorized disclosure due to mistake or actions of cybercriminals, can have a real financial bite on an organization.
That kind of data is what we call Zombie data.
Zombie data could include customer names, addresses or other personal identifiable data. It may also include credit card information or government identification.
Zombie data becomes dangerous when you're still holding on to it long after its value and viability to the organization has since past. For example, holding on to job application data from postings from three years ago.
The odds are that the data is too stale to be useful. But by not having good data governance practices including data retention and destruction policies, that data lurks on, ready to bite your organization if the online job application system you built is breached by a cybercriminal or suffers a critical error and disclosures the information.
This could place your organization in breach of privacy laws and could hurt its reputation among potential employees or your community should the breach become public.
Zombie data could also include past customers who no longer buy from your organization. At a certain point, holding into their personal or financial information contains more risk to your organization than benefit.
Combating the risk of Zombie Data
The most effective strategy to dealing with the risk of zombie data is to incorporate the concepts of privacy by design into the entire lifecycle of data in your organization, particularly customer or employee information.
In addition to looking at adopting privacy by design, your organization will need to start addressing data governance in a holistic way.
The solution: Focus on People, Process and Culture
Dealing with data governance is a lot like implementing a customer relationship management (CRM) solution. That is, it's not something you can just make go away by buying a piece of software. Instead, you have to do a detailed review of your business processes and be prepared to work on changing those processes and the people who use them every day.
Dealing with your Zombie data risk is one part of combating your overall cyber risk. It's not a small task, but it will yield immediate as well as tangible long-term benefits to your organization.
Reducing zombie data, managing vulnerabilities in your information technology vulnerability, raising cybersecurity awareness and accountability are all park of managing your organization's cyber risk.
If you're ready to tackle your overall cyber risk in a holistic way, we'd love to talk to you about our cyber risk measurement, management and monitoring solution.