Many ‘Things’ May Compromise Data Security

The “Internet of Things” or “IoT” … what is it, and what does it mean to your company?

Simply put, the IoT describes what happens when you set off an alarm leaving a store, because a cashier forgot to deactivate the security tag on your item. The tag sends a signal to a receiver, which in turn triggers an alarm. Those two devices are communicating, without human involvement, and providing an additional measure of safety for a retailer. But devices that can communicate independent of humans could also compromise the safety of your data.

By 2020, more than 20 billion “things” will be connected, according to Gartner forecasts. Some of those things could be poorly manufactured, inexpensive and vulnerable to hacking. So businesses are now looking at how to manage their data in a way that protects it from future risks.

Best Practices

The Federal Trade Commission released a report in 2015 summarizing its 2013 workshop, “The Internet of Things: Privacy and Security in a Connected World.” Among the topics panelists discussed was data minimization – that is, erasing stagnant data.

Because data repositories aren’t accessed with frequency, they can be targets for thieves. A data breach could occur and be ongoing for some time before anyone detects it. As such, the FTC report recommended businesses come up with a plan that defines how long data will be retained, and which data is essential to collect.

Training and Partnerships

The FTC report emphasized the importance of security training for all personnel. That means educating employees about how they may put themselves and the company at risk. For example, a weak WiFi password at an employee’s home could be all a hacker needs to gain entry into your sensitive corporate files.

The FTC panel also said businesses should ensure any providers they work with follow good security practices. The importance of that point is illustrated by the large data breach Target stores reported in 2013.

Hackers that stole data for more than 110 million Target customers did so using a third party’s network credentials. The breach was linked to a heating and air-conditioning contractor that had worked on HVAC systems at some Target stores. In a statement in 2014, the HVAC company said its only data connection with Target was “exclusively for electronic billing, contract submission and project management.”

Businesses should develop a list of security measures they expect from vendors or contractors, and that includes identifying which versions of software should be in use. Sometimes, outdated software contains security vulnerabilities.

Security and Expertise

Lifeline Data Centers understands the increasing challenges businesses will face in protecting sensitive data. We’ve instituted several physical and virtual security measures to protect our colocation tenants’ data, and our staff experts help businesses follow data management compliance. See how we’re prepared for the Internet of Things. Schedule a tour today.

Other resources:

• Infographic: The 22 Data Center Compliance Acronyms You Need to Know
• White Paper: Why Data Center Compartmentalization is Important
• Lifeline One Sheet: What You Need to Know About Lifeline Data Centers

Rich Banta

Managing Member at Lifeline Data Centers

Rich is responsible for Compliance and Certifications, Data Center Operations, Information Technology, and Client Concierge Services. Rich has an extensive background in server and network management, large scale wide-area networks, storage, business continuity, and monitoring. Rich is a former CTO of a major health care system. Rich is hands-on every day in the data centers. He also holds many certifications, including: CISA – Certified Information Systems Auditor CRISC – Certified in Risk & Information Systems Management CDCE – Certified Data Center Expert CDCDP – Certified Data Center Design Professional