Storing electronic data in the form of documents and digital files has allowed greater ease of use for sharing easily and readily available information between people and companies. But repositories containing vital data are increasingly becoming ripe targets for looming cyber terrorists.
Each year, cyber criminals employ and mobilise a wide range of hacking methodologies with increasing frequency to target databases containing important information in documents and digital files, causing data infringement. Although data protection is simple and can be easily used, it is not done so, due to a lack of awareness and misconceptions.
Some of the common misconceptions regarding data protection include:
- Complicated implementations can make data encryption difficult. How well the IT Department of an organisation can encrypt its data is not dependent on how well they can build complicated and impenetrable data protection algorithms, but rather how well international standard algorithms that are available to all are implemented. The key to ensuring successful data encryption is to manage and control how the implementation is handled that can set organisations apart. It is important to store the actual “key” needed to decipher the encrypted information and store it securely, so that no unauthorised individual is able to decrypt the encrypted information. For robust data encryption security, an effective key management system must be implemented. In this manner, an organisation will be able to manage which individual has access to the keys and ultimately access to the information.
- Data cannot be hacked by cyber criminals because it is not directly connected to the Internet. This is one of the greatest misconceptions of any organisation, that a data repository is safe from external hazards just because it is not directly connected to the Internet. Any computing terminal that has access to classified information can be a medium of data breach, as there are a number of external methods that can be employed to steal information and content from digital documents. Cyber criminals make use of specific codes in order to violate databases. One way of preventing online attacks at the application level is to implement a robust application firewall; because if a web server is endangered, the database is just as revealed. In a very recent cyber-attack on a Bangladesh bank, hackers managed to steal $ 81 million because of poor security and lack of firewall in the bank.
- Only large corporations or organisations are targeted by cyber criminals. Even though headline news covers large organisations trying to recover from document security infringements, it has been seen that data security breaches take place in all sizes of companies (the smaller ones just don’t get reported), which is a growing concern for businesses worldwide. In order to safeguard classified information, it is important that organisations adhere to compliance and safeguard protocols in the industry that it belongs to. Failure to meet compliances can result in harsh penalties; such compliances would not be in place if it was not considered of only large organisations.
- Digital files and documents are safe within an organisation. Most people are of the opinion that with the implementation of firewalls and secure coding, their sensitive and classified information remains safe within the organisation. Although this could be true, in reality, a malicious insider attack is even more dangerous than an external data breach. Since malicious insiders have access to classified information, they are even more dangerous as they are aware of exactly where all the documents lie and what they contain. This gives the malicious insider the choice of data they can easily steal. In order to safeguard against insider data breach attacks, a robust security solution must be implemented where accurate access control policies and authorisation is provided by the security administrator to individuals where their access can be monitored and controlled. Only specific insiders that comply with the policies laid down by the IT Security Department should be able to view encrypted digital files thus laying the ground for adequate data security.
Carol is an avid blogger, taking particular interest in articles related to technology. She has contributed this article to LockLizard.