Why Ignoring Orphaned Data Can Be Risky for Your Business
Orphaned data can result in substantial costs for an organization ranging from waste of storage space to reputational and legal repercussions of exposed data.
- Any data that has been forgotten or ignored as it is no longer actively used or managed by anyone is called orphaned data.
- Ignoring orphaned data can prove very hazardous to a business.
- This article explains what orphaned data is and ways to reduce its risk.
They say that ignorance is bliss. And maybe that’s true for a few things, but not when it comes to the ignored data scattered across your enterprise. I’m talking about orphaned data, also referred to as dark data. Orphaned data is data that has been forgotten or ignored as it is no longer actively used or managed by anyone.
As its name implies, orphaned data has no owner. When a house becomes abandoned, it evolves into a dilapidated state, becoming a fire hazard and a breeding ground for rodents. Ownerless orphaned data sits dormant and becomes a hazard as well — a major security risk.
The Many Forms of Orphaned Data
Orphaned data comes in many forms. It can be created by something as simple as an employee who copied a series of files and pasted them to a temporary location for one reason or another. Those “temporary” files are soon forgotten and become legacy files. Other forms of orphaned data include the following:
1. Unused user accounts
Employee turnover is a normal phenomenon for any organization. The accounts of employees who have left the organization should be disabled for a certain amount of time dictated by policy and then deleted.
Unfortunately, that is not always the case. Because these accounts are not used by anyone, there is no one to monitor them. Threat actors can then seize control of these accounts without anyone knowing.
2. Backup files
The good news is that you are backing up everything, but some of that benefit is negated when you leave old backups parked someplace in an orphaned state. This might include a temporary backup that isn’t deleted when no longer needed.
A company that migrated to a new backup solution or data repository might leave old backups in their former location and forget about them over time. Whatever the reason, ignored backups can provide a treasure trove of information for an attacker.
3. Inactive or uninstalled software
Orphaned applications remain accessible on the network but are no longer managed. These apps can be easily exploited because they are no longer being updated or patched, leaving them open to attacks such as SQL injections and data scraping. Applications that are not uninstalled correctly can leave remnants that can also be exploited.
4. Deleted files
Almost everyone is guilty of this at some point. You might think you are deleting files on your Windows machine, but unless you empty your recycle bin, those files remain on your computer, and because you can no longer see them, they become orphaned.
5. Forgotten data
Users often create or place files in various undocumented locations. When these users leave the organization, those files become orphaned.
The Risks Orphaned Data Creates
There is a cost to letting orphaned data reside throughout your network. At the very least, orphaned data creates an operational risk in the form of cost overages or lost productivity. Orphaned data claims space within your data repositories, forcing you to pay for storage that you really don’t need.
This accumulated data can degrade the performance of your storage and computer components. While operational risk can be costly to any organization, there are far greater risks to worry about.
- When orphaned data includes confidential or sensitive information, it presents a real security risk in the form of identity theft, financial fraud, and corporate espionage.
- All data, including orphaned data, falls under the jurisdiction of many government and industry regulations such as HIPAA, GDPR and CCPA, to name a few. Non-compliance can bring stiff penalties and further regulatory measures.
- Orphaned data can leave your organization open to reputational risk when compromised. For instance, it can be hard to recruit talented individuals if your organization has an incident involving the personal data of people who have applied for positions in the past. Customers may be wary of purchasing from your company if they feel their information may be at risk long after the transaction was made.
Whether orphaned or not, data is data. Cybercriminals want it and can exploit it, and regulators audit it. While the data itself may be forgotten, the risks are not.
How To Reduce the Risk of Orphaned Data
Most organizations have some form of orphaned data on their systems. That means you need a plan to deal with it so that it doesn’t come back to haunt you one day. Some of the recommended measures include the following.
- Conduct regular reviews and audits of your data storage locations to identify and categorize any unused or outdated data that may be considered orphaned. These reviews should also include applications that are no longer needed.
- Implement a data retention policy that outlines how different types of data will be managed. An information management team should take ownership of all orphaned data and be responsible for it over the course of its remaining lifecycle. Applications that have been retired should be properly removed from service.
- Orphaned data should be encrypted. Just because it has no owner doesn’t mean it shouldn’t be secured properly. Encryption will mitigate the risk of unauthorized access to any type of data.
- Enforce the principle of least privilege when creating data access policies.
- Training should always be part of any security strategy. In this case, employees should be educated on the importance of data security and shown best-practice data management techniques. Users should be discouraged from temporarily storing data if possible.
- When applicable, a professional data disposal service should be contracted to dispose of storage drives and electronic devices that may still host orphaned data.
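One way to start the storage review described in the first measure above, as an added example that is not part of the original article: a Python audit that walks a directory tree on a Unix file server and flags files that have not been modified within a retention window or whose owning UID no longer maps to any account. The 365-day threshold, the use of modification time as the staleness signal, and the script name `audit_orphans.py` are assumptions; take the real window from your retention policy.

```python
import os
import pwd
import stat
import sys
import time

def uid_has_account(uid):
    """True if the UID still maps to a local or directory account."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False

def audit_tree(root, max_idle_days=365, now=None, uid_known=uid_has_account):
    """Return findings for regular files that look orphaned.

    A file is flagged "stale" when it has not been modified for
    max_idle_days, and "no_owner" when its UID has no account.
    """
    now = time.time() if now is None else now
    cutoff = now - max_idle_days * 86400
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # vanished or unreadable; skip, do not abort the audit
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = []
            if st.st_mtime < cutoff:
                reasons.append("stale")
            if not uid_known(st.st_uid):
                reasons.append("no_owner")
            if reasons:
                findings.append({"path": path, "uid": st.st_uid,
                                 "bytes": st.st_size, "reasons": reasons})
    # Largest first: these reclaim the most storage and are reviewed first.
    return sorted(findings, key=lambda f: f["bytes"], reverse=True)

if __name__ == "__main__":
    # Usage (hypothetical script name): python audit_orphans.py /path/to/share [max_idle_days]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 365
    for f in audit_tree(root, days):
        print(f"{f['bytes']:>12}  uid={f['uid']:<6} {','.join(f['reasons']):<14} {f['path']}")
```

The output is a review list, not a deletion list: each flagged file still needs an owner assigned and a retention decision before anything is removed.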
There are instances in which organizations may be required to retain data for extended periods for legal or compliance reasons. Ensure that there are policies and data management procedures in place so that this data doesn’t slip through the cracks one day.
Being mindful of how data is retained and disposed of will go a long way in mitigating the risks that orphaned data can create. In a paperless society, data can live forever if you let it.