Share this article on:
In an age where data is often hailed as the new oil, many businesses rush to amass vast troves of information about their customers.
However, recent high-profile cyber attacks have served to highlight a troubling reality. Data that was once considered an asset may now actually be a liability. Client records held for longer than required can be misappropriated, causing anything from embarrassment to costly losses.
During the past few years, there have been a range of incidents in which financial and personal customer data were stolen during a cyber attack. In Australia, cyber criminals successfully gained entry to the IT infrastructures of companies such as Optus, Latitude, and Medibank.
Incidents such as these have raised a critical question: is the large volume of data businesses accumulate worth the risk? The answer, increasingly, appears to be no. Rather than viewing this data as a valuable asset, businesses must now see it as a potential liability and a treasure chest that malicious actors are constantly trying to crack open.
Taking a ‘minimalist’ approach
The idea of data minimalism – holding only data that is necessary for immediate business functions – is gaining traction as a pragmatic approach to addressing this growing concern. The benefits that data minimalism can provide include:
Making the journey
To achieve effective data minimisation, a company should begin by undertaking a process of discovery. A thorough audit of all stored data should be conducted to determine exactly what is being held and where.
During this stage, an index of the data can also be created that provides metadata, which can aid in future management. This metadata can be used to quickly determine data types and whether they remain of use to the company.
The second step is to develop comprehensive data retention policies. The company should determine precisely how long different types of data should be retained and when they should be securely deleted.
The next step is to review all data security measures currently in place and determine whether any weaknesses exist. Additional measures can then be deployed to ensure all retained data is as secure as possible.
Finally, it is important for an organisation to regularly review and update its data retention policies. The threat landscape is constantly evolving, and what works today may not be the best practice in the future.
The recent surge in cyber attacks has underscored the need for businesses to rethink their approach to data. While it has long been considered an asset, data should now also be viewed as a potential liability.
Embracing data minimalism, holding only what is necessary and promptly deleting data when it is no longer needed, is a prudent strategy for mitigating these risks.
Tim Holden is a technical expert, APAC content and data intelligence, at Hitachi Vantara.