Last week I was reviewing Gurpreet Thathy’s (GT) report following a client infrastructure review. One of the points that jumped out at me, a point that I’ve seen often in other similar reports, was regarding the amount of data retained by organisations (org’s) and individuals. With storage devices being relatively cheap and the evolution of cloud storage, businesses and individuals should carefully consider what they retain and how they secure it. I followed up on this point with GT, and he provided 3 points org’s/individuals can do (internally or with assistance from a third-party provider) to improve their data storage.
- Do you need to store data? Conduct a data audit to understand the infrastructure and how data is stored and accessed. On the most recent audit, one of the first things GT noticed was that the client was holding/storing almost everything (dating back years). We let the client know that we needed to reduce the amount of ‘stored data’, and the first step was determining what they needed to keep. Retaining old data is an unnecessary risk, especially when not required. Reviewing and auditing also assist with complying with regulatory requirements.
- Who has access to this data? The client’s infrastructure had controlled access and audit logs on who logged into which share/cloud space and an audit log on files accessed by which users; however, some shares were identified as outdated/unnecessary. Although some of it was taken offline, you could still access these files without restrictions and audit logs. It’s important to remember that access restrictions are only effective if the system uses reliable authentication measures.
- Raise Awareness. Unauthorised access to systems from internal and external parties is on the rise. It’s not just about protecting yourself from external threats but also about raising awareness about accessing documents internally, which you shouldn’t. During several recent forensic investigations, when investigating computers and other computer peripherals, post the audit, our clients have requested us to brief the client’s employees, and most of them say – ‘they didn’t know files were restricted,’ or ‘I didn’t know we couldn’t take files home.’ As org’s, we should educate employees about what they can and cannot do and the risks involved.
Security and awareness are paramount when storing data. Whether you as a business or individual keep employee data or the data of others, you should audit your data and understand how it is accessed, where it is stored and who accesses this data and should follow best practices. Doing this will ensure that you lower your risk of a security incident.