We live in an age of big data, with many organizations storing and processing unbelievable amounts of information.
Google alone boasts over 10 exabytes of data storage (1 exabyte = 1 billion gigabytes). Just to put that in perspective, 5 exabytes is roughly equivalent to every word ever spoken by anyone — since the beginning of time.
And all of this information is ripe for picking, with everything from patient records to email passwords potentially up for grabs.
When dealing with financial data, the consequences of theft can be especially dire:
- Under the best circumstances, criminals can completely wipe out a victim's bank account.
- Under the worst circumstances, thieves can rack up enormous charges and plunge victims into debt.
So what are the greatest threats to data storage security — and how should businesses protect themselves?
Database Threats: the Enemy Without or the Enemy Within?
On the surface, hackers represent the single greatest threat to data storage. Home Depot and Target are just two of the most high-profile examples of criminals using malware and phishing to collect consumer data.
Hackers from just one country alone (i.e. Russia) have reportedly amassed more than 1 billion Internet passwords in recent years. This is a terrifying prospect when you consider how much personal and financial data we keep in the cloud.
But internal abuse from employees and contractors may represent an even greater threat to data security. This is especially problematic for Fortune 500s that pass large amounts of data through countless hands in multiple locations around the world.
Although internal threats don't receive nearly as much attention, don’t underestimate the ease and frequency with which foul play can occur. Remember that Edward Snowden wasn't an outsider — and he didn't use sophisticated software to steal “highly secure” governmental data.
All he needed was a simple thumb drive to bring the NSA to its knees.
So How Should Fortune 500 Companies Protect Themselves?
The most obvious step is to invest in secure data storage. But this only represents the beginning. Whether for whistleblowing or monetary gain, internal employees can still compromise even the most secure databases.
A better option is tokenization.
With tokenization, personally identifiable information gets swapped out with randomly generated IDs ("tokens") that become meaningless if they fall into the wrong hands. Retail merchants frequently use tokenization and encryption to process and send payments securely and to ensure personal account numbers (PAN) are not anywhere in their systems. But this technology can also be used for other types of information, including email addresses, patient records, user accounts and customer names.
None of this information gets stored directly in a company's database. And with nothing to store, there is nothing to steal.
When dealing specifically with financial data, businesses should also invest in highly secure payment processing that adheres to the strictest PCI-compliant standards whether you are processing Level 1, Level 2, or Level 3 credit card transactions.
Database Protection Is an Ongoing Process
No data storage technology can remain 100 percent secure indefinitely. Every time a new technology comes out, criminals, thieves and employees immediately begin looking for holes to exploit.
But by strengthening your current protocols and regularly monitoring emerging threats, it's possible to create a dynamic series of deterrence to make data breaches less likely in the future.
To learn more about how BluePay approaches payment and data security for larger businesses, visit Enterprise Level Credit Card Processing.