“My Precious!” The famous statement from The Hobbit where Gollum repeatedly screams for his most precious item, the gold ring, the one ring to rule them all. This massive trilogy is all about protecting this sacred item from the evil onslaught of Sauron and his minions. It’s so important that those in control of the ring decide to destroy it rather than allow it to fall into evil hands. This story, and magical and mystical item, correlates exceedingly well to corporate data. Precious company information: finances, sales numbers, source code, legal documents, personnel files, etc. cannot fall into the wrong hands. Data is the life blood of companies and it’s the responsibility of leadership to protect it.
One of the most famous stories of technology intellectual property theft is that of Steve Jobs and the mouse from Xerox PARC. Steve Jobs toured the Xerox Palo Alto Research Center and saw a prototype mouse and was in awe. After he saw what it could do, he went back to Apple and directed his developer to recreate what he saw in a much less expensive fashion with greater longevity. This breakthrough helped propel the launch of Apple Macintosh. The irony of this intellectual property “theft” is that the researchers at PARC did not agree to the tour, it was a business decision. In exchange for money or stock in Apple, Steve Jobs and others were allowed to look around at whatever was “cool.” What would have become of Xerox and their PC unit had they perfected the mouse and proceeded to target the PC market more aggressively? Steve Jobs believed Xerox could have been as big as IBM, Microsoft, and Xerox combined.
The NSA data breach by Edward Snowden is another famous example. While one can debate whether this act was heroism or treason, the fact remains that precious information was taken from the US Government and exposed to the world. When organizations lose data, there’s not only the potential for economic damage, there’s probability for political and reputation damage as well. Businesses are not immune to this impact as shown when Reputation.com experienced a hack and lost user passwords, emails and addresses. Pretty ironic that a business focused on protecting online reputation for customers experiences a data breach itself.
The ailment inflicted upon businesses through data breach and information loss cannot be overestimated. While researching this article I came across numerous statistics regarding outcomes when data loss or theft occur. While validating sources, I found they are not reliable hence I have not republished that information. Saying that the data published is not necessarily true also does not make it false. Common sense dictates that when a company loses data and/or experiences theft there is a financial impact. That damage most certainly can, and does, lead to major financial impact and even bankruptcy.
The scariest data loss and/or theft to most individuals revolves around healthcare and financial services. Kim Kardashian led to the termination of six individuals when the temptation to view her medical records was too great to pass up. While this may seem harmless to the individuals improperly accessing her records, this breach exposed a well-respected medical facility to suffer reputation damage as well as a potential lawsuit, not to mention government punishment due to the HIPAA violation. TD Bank misplaced backup tapes and exposed nearly 270,000 individuals’ data. This data loss should cause great concern to most business as, like themselves, the information was backed up to tape and unencrypted. During my time in the healthcare industry I saw this happen to two of the largest medical entities in the United States. In one instance the tapes were stolen from the driver delivering the backups to storage. The other situation had unencrypted backup tapes lost in the mail. This type of data loss is all too common, impacts large swaths of patients and clients, and most companies have no policies or procedures in place to prevent it.
Organizations should know that they are not alone in the pursuit of data protection. A number of businesses and technologies cater to this need. Whether looking for inventory tracking systems, performing background checks on employees, or having an audit or assessment performed to understand the current state of affairs, numerous companies and products exist to help mitigate risks. Knowing is half the battle, and leadership owes it to themselves, their investors, and their employees to see the risk and take protective action.
A few suggestions:
- Know who has access to what data and prohibit access to any resource that does not have a need for such access.
- Encrypt data in transit.
- Consider encrypting data at rest, especially intellectual property and other fundamental business information.
- Do not let employees take backups home, no matter their position with the company.
- Be aware of who comes into the business, what they see, and what they take away, physically and intellectually.
Just as Bilbo, and then later Frodo and the Fellowship protected their “precious,” leadership in organizations must do all they can to protect their data. Management needs to understand the risks are not solely from the nebulous hacker in the Cloud trying to steal information. Data theft and destruction comes from innocent curiosity to nefarious intent. No matter the reason, businesses are at extreme risk, financially, reputation wise, and potential legal liability, and management must mitigate as much risk as is reasonable.
Contact Gungon Consulting for your free consultation today!
Make sure to “Like” Gungon Consulting on Facebook for up to date technology and security information.
Eric Jeffery has 20+ years’ experience with Information Technology including stints in the Retail, Aerospace, Defense, Hardware, Entertainment and Healthcare industries. Eric has a Bachelor of Arts degree in Economics from the University of Colorado at Boulder. Mr. Jeffery recently founded Gungon Consulting to help businesses solve problems mentioned in this and his other published articles. Please contact Eric at eric@gungonconsulting.com.
Gungon Consulting 