Recently my car was broken into, which really sucked. But I’ll still admit that I'm partially to blame; as a commuter I often treat my car as a dumping ground, and am generally less aware than I should be about what I leave exposed (read: thrown on my floorboard). However, even those mundane, low value, and everyday items can invite risk when they’re left in plain sight. Although my doors were locked, and the alarm system functional, when a curious intruder decided they wanted to check out my interior, there wasn’t anything the blaring security system or I could do to stop them once the window was broken. Luckily I am insured and was able to reach out and recoup some of my losses. However, when it came time for me to list stolen items and their value, I really struggled. Where had I last seen my sunglasses, a piece of mail with personal information on it, my work badge, and headphones? How much were those items actually worth to me? My insurance company? It became apparent that because I was unable to give a clear account of what was missing, assessing the theft’s damage became nigh impossible!
Meanwhile in the business world…
It occurred to me that this situation isn’t that dissimilar to what happens during many of today’s high-profile data breaches. The unfortunate hacking victims—often large organizations—typically can determine where a break-in has occurred, yet they have difficulty uncovering what information was accessed and how valuable the content was. Even though they set up all the warning systems/ firewalls they thought they needed, when a malicious entity gets through their defenses and starts stealing things, they not only have to deal with the inherent issues of determining how to repair things, but also have to determine what has been stolen and how much it is worth.
Due to today’s data proliferation, many organizations have the same mindset with regards to their enterprise file shares and storage systems: they treat them as a dumping ground. The obscure information in these systems is known as dark data, and this information is not just underutilized; it is in fact inviting risk
There are many tools that can help organizations gain insights into their dark data and determine where risky/high value content is so that they can remediate it, set retention policies, and ensure defensible deletion moving forward. Obviously vandals and hackers will never cease to exist. However, a developed information governance strategy can at least mitigate your exposure, and in the event of a breach you will be better informed about what information was taken, and can then take meaningful steps to alert the appropriate stakeholders. Not only this, but with the GDPR on the horizon, having a good idea of any personal information hiding in your file shares is generally a good idea.
Now if only I could remember to clean my car.