informa
/
3 MIN READ
Commentary

Panama Papers Highlight Security Gaps

The Panama Papers, Snowden, the White House, and Ashley Madison, along with other data breaches serve as reminders that when you are entrusted with conducting analytics on the data of others you better have your security act in order.

As much as analytics has given us some unique insights into the world through its collation of all sorts of data, as Spiderman's doomed uncle once told us, “With great power, comes great responsibility.”

That goes doubly so for analytics, because the power that analytics has is derived from someone else's data. That makes the analytics firm that has access to it just as, if not more responsible for it, since it's their expertise that is being brought to bear on another firm's private, confidential and even secretive information.

While you might be confident about the security at your firm, the practices you have in place and the oversight you have from dedicated digital security professionals, it's worth considering that there is always a way for information to leak. Whether it's through straight-up hacking, social engineering or in the case of Edward Snowden or the Panama Papers' leaks, simply because an employee decides they've had enough with what's going on and want to burn it all down.

Of course we wouldn't suggest that anything your company is up to is worthy of the leaks that took place in those cases, but it's certainly worth bearing in mind. Both the NSA and Mossack Fonseca are enormous entities, with many employees and workers, a number of which are employed specifically for their expertise in protecting digital assets.

Yet that didn't stop the information getting out.

The same can be said for cases where the information wasn't leaked for moral reasons. The White House Personnel Management systems were hacked in 2015 and so were Ashley Madison servers, revealing the personal data of millions.

Then there is the ever-present threat of foreign hackers.

While that sort of scandalous and personal information is unlikely to crop up in your average data silo, the more we are able to do with data, the more meaning we are able to extrapolate from the mountains of information companies are collecting, the higher value nefarious individuals will place on it.

So what can we do to mitigate those sorts of attacks?

Starting from the ground up by making sure that all employees are aware of important security information is perhaps the most important. Not trusting email or messaging attachments, using strong passwords, and requiring multiple layers of authentication before giving an unknown person information are a great place to start.

On a more technical level, encryption is important. While uninformed politicians may continue to paint it as a tool for criminals, in reality it can often be the best tool to combat stolen data. Applying a strong encryption level to as much as possible, especially when data is being stored rather than actively analysed, can go a long way to preventing major leaks from being catastrophic.

Considering the success some major tech firms have had with the practice, bug bounties could be a viable option too. At the very least, if you offer a reward for anyone finding bugs in your system, they're less likely to sell it someone who isn't as concerned with protecting your customers as you are.

 

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing