I read a couple of thought-provoking articles recently on the subject of data security, and more directly, on how data destruction can serve to permanently “secure” the data that is destroyed. One article appeared in the Wordfence security blog, and the other, by security and encryption guru Bruce Schneier, appeared on CNN.com.
The Wordfence article was looking at improving WordPress website security by removing unused items and information, things such as installed but unused themes and plug-ins, and removing from your WordPress DB any out-dated files, attachments, and user or client information. The basic argument in the story was that sanitizing your website this way provides fewer places for an attacker to gain access, and less for them to steal if they do successfully get into your site.
In his article, Bruce Schneier takes aim at “Big Data,” the glut of personal information, spending habits, web surfing patterns, GPS location information, and the other data that companies we spend our money with keep on us. The theory is that all that great data can be mined, parsed, and analysed to help us spend more money more efficiently, generating greater profits for the companies that are collecting the data. Not only is this intrusion into our lives an assault on our privacy, but these huge databases are also the targets of cyber-criminals, who can use the stolen trove to hack our accounts and set up false identities.
I am sure that smaller businesses are getting into data mining their own customers, and maybe, before you get in too deep, you should think about the repercussions of a breach of this data. The falling prices of ever larger hard drives and storage devices mean we can keep data pretty much forever at a very low cost. But this doesn’t mean it is a good idea to do so. Here are some considerations:
- Don’t – The best idea may be not to collect the information at all, especially if you are not really using it for anything.
- Delete – But a strong second place would be planning to destroy the data when it has served its purpose, or when it is out-dated enough to be worthless.
- Encrypt – We are at a point now where encryption is not optional. My belief is that all personal information should be encrypted, to protect our customers and employees, and to make it useless to cyber-criminals.
I encourage you to take a look at the data you are collecting and storing, and ask yourself, “Do I really need to keep it?” If not – throw it out!