In addition to the focus on the cybersecurity challenges made worse by COVID-19, small businesses should also be aware of the danger of being negatively impacted by having too much dark data. This problem is little known outside of IT experts, but it is one that your organization should take seriously.
What is Dark Data?
Dark data is the name given to digital data and information assets that an organization is currently not using, has not categorized, and, in some cases, may not even be known to the business. These unstructured data come in a variety of forms such as documents, emails, spreadsheets, presentations, as well as system activity log files.
The reasons companies tend to accumulate dark data are straightforward. Some of the data are records that must be maintained for compliance purposes, large volumes of data are stored automatically and never handled again, and some data are stored in places that most users do not access. In addition, most organizations are hesitant to devote precious resources to organizing and monitoring this unused data.
Surveys indicate that organizations contain an average of between 54-80% dark data among their digital data. The higher this percentage, the more potential problems can arise as described in the next section.
The Main Problems Caused by Large Amounts of Dark Data
Increased Exposure to Cyber Threats
Security experts estimate that a typical business’s dark data contains 42% confidential information, 1% sensitive personal information, and 9% personally identifiable information (PII). This sensitive information was originally captured and distributed on spreadsheets and other internal documents, in emails, and on local drives, and much of it is not sufficiently protected by proper password protocols or encryption. Bad external actors know exactly how to take advantage of these weak spots to gain access to your company’s network and exploit the sensitive information contained in dark data. In short, the greater amount of dark data that your organization stores, the higher your potential exposure is to cybercriminals.
Greater Storage Costs
Although the cost to store large volumes of digital data is relatively low, it will add up steadily over time. There is no logical reason for your organization to pay a higher amount to store data that is unnecessary to keep and which increases the risk of cybercrime.
Potential Compliance Issues
Because of the increased amount of cybersecurity risk brought about by too much dark data, most compliance mandates such as the GDPR, HIPPA, PCI, and DSS have restrictions on the percentage of dark data a compliant organization can have. The strict privacy regulations of these statutes and standards are sensitive to the level of dark data. Regulators and any client victims of breaches will demand severe penalties for the damages resulting from non-compliance, which could include lawsuits, sanctions, and hefty fines.
Unused Business Intelligence
Another downside to having too much dark data is that your organization is not utilizing all the valuable business intelligence contained in it. A comprehensive analysis of this data would yield useful information to help improve business operations. In addition, an analysis of system log files and other dark data assets will help companies develop more accurate models for cyber risk assessment, threats, and anomaly and incident detections.
Resolving Dark Data Issues
Some important steps your organization should take to mitigate the threat of too much dark data include:
- creating a data map that identifies all the existing repositories and systems within the network
- reviewing what data is currently being stored in relation to what needs to be saved
- implementing data policies that strictly determine what data to collect and store and for how long
- disposing of old and unused data that is not necessary for compliance or business purposes
- establishing data governance rules that properly secure data containing PII and any other sensitive company or client information
- limiting employee access to sensitive data to the minimum necessary to achieve organizational objectives
Work with a Reliable IT Support and Security Partner
We recommend your organization work closely with a trusted IT Support and Security partner, like Network Depot, to assess your current dark data storage level and policies and to implement tools and methods to resolve any issues. With a comprehensive assessment of your organization’s dark data and the implementation of proper dark data management, your company will be able to benefit from valuable business intelligence and be more secure from cybercriminals.