Mar 01 2017

5 Questions Small Businesses Should Ask About the Data They Are Collecting

As the amount and type of data companies collect increases, they need to develop a sensible data management strategy.

Companies are up to their necks in data. In fact, IDC has predicted that by 2020, data production could reach 44 zettabytes. That’s a lot of data — just 1 zettabyte equals 1 billion terabytes. But it’s not just the amount of data that’s increasing, it’s the type of data that companies are collecting as well. Capturing and using location, web and even biometric data has almost become standard.

For smaller companies, an increase in data presents an especially tantalizing opportunity to grow. The ability to collect and analyze data and trends, customer preferences and web traffic can quickly create a competitive advantage in a crowded market. But in the race to accumulate and analyze that data, companies often overlook the potential threat that it might pose, especially for those who do not yet have the resources and infrastructure to protect it.

As breaches become more common, it’s critical that companies review their data to ensure that it is not only safe from hackers, but also properly stored for internal use. Surprisingly, our research finds that 60 percent of breaches are not by external actors but by employees themselves.

Big Data Vs. A Lot of Data

Assessing the true value of data and the potential risk of a breach will help small and medium-sized businesses set their data strategies and avoid collecting more data than they need. But an IT team can’t do it alone.

Creating a sensible data management strategy requires input from stakeholders across the business. This can be especially difficult for SMBs that often don’t have the resources necessary to create a comprehensive set of policies and procedures for information governance.

So what can you do? Start by asking these five questions:

1. What is the business need for the information we collect? The simplest way to protect sensitive data is not to have it in the first place. Companies should avoid the “collect now, analyze later” approach and instead carefully consider how the information will help achieve strategy and performance objectives.

2. Do we have the capabilities to effectively use the data? In addition to understanding the value of the data, leaders need to evaluate whether employees have the skills and capabilities needed to collect, manage and analyze it. Without a capable team ready to turn data into insight, it may sit untapped — or worse, be misused.

3. How would the public react to the information we collect and how we use it? Just because companies can lawfully collect an enormous amount of data doesn’t mean they should. Consider creating an informal feedback loop with employees to weigh potential value against potential reputational harm if the public learns the information is being collected.

4. What information do we need to protect, and at what level and cost? It’s important to keep all company information secure, but heightened protection is required for certain especially sensitive information, such as credit card and Social Security numbers. Losing this sensitive information can turn a data breach into a full-blown privacy failure.

To ensure that this data is adequately protected, companies need to address and classify the information, and investigate the cost of safely retaining it.

5. How long should we keep sensitive data? It’s not uncommon for companies to collect data and subsequently forget to do something with it as business changes. Incorporating the data collected into records management policies helps to ensure there is a plan for properly (and regularly) disposing of information and avoiding a costly breach that involves low-value data.

