So it’s 2016, and data is still being stolen – but is that the main issue?
You may remember your grandparents saying years ago we used to leave the house doors unlocked and never locked the car.
You can’t even leave a packet of crisps unattended these days, so why do so many businesses leave something as valuable as their data unlocked?
Your Data Is Being Stolen – Here’s How
There are two issues we need to address here. The first is that, believe it or not, your data is so valuable to bad actors that they will do anything to steal it.
Your data is not just a list of orders in your e-commerce system. It is trends that show what the market is purchasing.
It shows what other users bought with those items and can help predict what they will buy and when.
That is some costly market research, and bad actors will likely not want it for that reason; someone else might.
Another often overlooked information you are trusted with is your user’s usernames and passwords.
Most of the time, a username is an email address, and as users are inherently lazy (sorry, it’s the truth!), they reuse the same username AND password for every service they have signed up for.
This is not surprising as there are many different services users need to help them organise their personal and work lives.
With so many, it’s easier for them to use the same combination on every site. Good for their memory; bad for their security.
How can encryption stop your data from being stolen?
The second point that needs addressing in “it’s 2016, and data is still being stolen” is encryption.
Having your data stolen is bad enough, but not making it difficult to sell is almost a crime.
Nothing is 100% safe; nothing is 100% unhackable, but encryption can, at the very least, stop data being sold on and, at most, make it so damn difficult to break (by taking so long to decrypt) that it is essentially useless.
Have you ever bought a bike lock? Some offer £30,000 as compensation if thieves manage to break the chain.
Now the company will know that the chain is not unbreakable, but they realise that it will take so long to do or require special equipment which you can not carry around quickly to remove.
This preventative measure (the time needed to break in) will force bad actors to find another more accessible target.
So whilst it’s 2016 and data is still being stolen, that is not the real issue. The issue is that this data is not encrypted, which is a massive problem for your company and customers.
It is your issue, and it needs to be addressed by at least the IT department responsible for your business and, most likely, by the C-level directors accountable for the company.
Data loss may never be 100% preventable, but it does not need to be useable.
So encrypt your backups and data, and for heaven’s sake, do it now!