With Big Data Comes Big Responsibility

Bob-Conlin_Blog_New.png

Big data refers to the huge and ever-growing volume of data organizations mine to uncover opportunities for building deeper customer relationships and developing new strategies for growth. Gartner describes big data as having “volume” (the amount of data), “velocity” (the speed at which data flows into the organization) and “variety” (structured and unstructured).  Big data can uncover big opportunities for an organization, but it can also provide a big target for cyber criminals.

Data breaches such as the hack of the U.S. Office of Personnel Management that compromised the files of tens of millions of federal employees demonstrate this risk of holding high volumes of data in a manner that does not match its sensitivity. The cost of repairing the damage, and the cost to an organization’s reputation, are too high to ignore.


White Paper: Cyber Security Best Practices - The Ethics and Compliance Effect


Understand the Surface Area of Your Data

In addition to the rapid proliferation of data, the number of digital devices connected to the global IP network has increased the surface area of risk organizations have exposed to potential hackers. This has ushered us into the current state of heightened cyber security requirements, best summed up by former CEO of Cisco John Chambers: “There are two types of companies: those that have been hacked, and those who don't know they have been hacked.”

According to a recent Cisco analysis, mobile data traffic has grown 18-fold over the past five years. Almost half a billion mobile devices were added in 2016 alone. In addition, 325 million wearable devices were reported worldwide. This wouldn’t appear to be a concern until you consider that 11 million of these new wearables have embedded cellular connections. The ubiquity of personal devices has made their usage, and their vulnerabilities, a new part of the modern workplace.

Each employee increases the amount of data an organization must protect. Each device an employee uses to access that data represents a chink in the armor which attackers can compromise.


Toolkit: Cyber Security Awareness Kit


Big Data Requires Decision Making

Just because it’s easy to collect data about every aspect of your business doesn’t mean we should. Pending European Union privacy rules as well as watchful regulators and private lawyers in the U.S., make the indiscriminate collection of customer data risky both in terms of potential regulatory violations and the inevitable fallout from data breaches. In response, strengthening cyber security has been prioritized by both the current and previous White House administrations.

Thus, organizations must learn how to discriminate between data that is business critical and that which is not. What meets the standard of “critical” must then be subject to rigorous security measures that are consistently updated to counter emerging threats. Strategies for maintaining or purging data classified as non-essential should be developed. With these strategies and safeguards in place, the surface area of critical data can be significantly reduced, allowing for concentrated security measures to be applied where they’re most needed. 

With this new found clarity, the real work begins – enforcing companywide rules of conduct to ensure every employee knows the value and potential liabilities associated with the data they generate and use every day. 


What do you have to say? Share your thoughts in the comments below or join a discussion group on Compliance Next.


Crowdsourced Core Values: Beware

Is there such a thing as cultivating a speak-up culture outside your organization? With the penetrating effect social media has on internal organizational information, personnel and culture, crowdsourcing due diligence could be a reality. The question is – should we use it as such. Let’s consider the pros and cons of monitoring by the masses.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Ethical First Responders: An Interview with Tom Fox

In the wake of Hurricane Harvey, in preparation of Hurricane Irma, and as wildfires rage through the Pacific Northwest, we are witnessing the heroic efforts of individuals across the nation. We are also seeing similar efforts from local and national organizations playing their part to stabilize affected areas. Is this rolling-up of the sleeves of ethical first responders just an incidental result of being in the wrong place at the right time? Or is it the result of some form of ethical inertia emanating from purpose-driven organizations?
Next Post Previous/Next Article Chevron Icon of a previous/next arrow.

Comments

Email Signup
Cyber Security Awareness Kit to Educate Workforce
Download Toolkit