Over half of the data that companies collect is for single-use purposes. We give companies Social Security and credit card numbers, addresses and phone numbers, emails, and health data. That information, called “dark data” in internet circles, generally sits stored away, long forgotten by users. Dark data comes from many different sources: when a company declines to delete a former employee’s information, for example, or when a company is acquired but declines to wipe its existing user base.
“It’s like packing away some clothing or jewelry in the attic for future use and forgetting that it was there,” says Todd Moore, vice president of encryption products at Thales Group.
Unfortunately, though, sometimes cybercriminals get to the data first.
Dark data that contains personal identifiable information (PII) is definitely a problem that literally multiplies by the day in many enterprises, so it’s absolutely vital that companies identify the PII elements stored across the entire business, says Sharad Varshney, CEO of the data governance consultancy OvalEdge.
Half the battle in dark data vulnerabilities is an enterprise’s inability to perform complete data discovery, he says.
“You can’t protect what you don’t know about, but as we’ve seen in the countless data breach headlines, you can certainly count on cybercriminals to find and exploit every shred of PII if they are able to gain access to your company’s data stores,” Varshney says.
Here are four steps you can take to prevent the theft and misuse of your dark data.