Information is the modern world’s new gold, or oil. It flows and pushes everything in the global economy, spawning terms such as “big data”. And just like gold or oil, this precious resource needs to be protected, and so data integrity has come to the forefront of every IT departments concerns.
Data integrity is the property of an Information to be intact and unaltered in between modifications, either by an unauthorized party or a technical event. In the Internet age, the term data integrity is tightly connected to servers and databases, since this is where most of the world’s information is stored.
There are three dimensions to data integrity:
1. Secure communication. The information has been correctly and securely sent from the creator, to the receiver.
For instance, the data sent from a customer registration form to the database containing the information for all other clients.
2. Safe storage. The data that is in servers hasn’t been altered or modified, and can still be used for its original purposes.
For example, customer information such as credit card details and addresses that an online merchant stores in a server.
3. Data can be audited. This means the data can be audited and verified, at each point where changes were made, allowing for the bugs, modifications and other alterations to be detected.
This is especially important in organizations that work with very sensitive data, such as payments, or health data. These organizations need to know who, when and how altered a certain piece of information.
There’s more than one way information can be corrupted, although the methods can be grouped into two major categories:
Ever since the World Wide Web took shape, malicious hackers have sought to make a quick buck by exploiting its software and security vulnerabilities.
Studies have shown that companies who have been victims of data breaches and hacks and loss of consumer trust. The infographic below puts this phenomenon in perspective, by showing how many existent consumers would discontinue a relationship with a breached company, or not enter a relationship with one.
Besides the business incentives behind stronger data integrity procedures, companies and organizations have legal pressures to worry about.
Regulators are now cracking down on organizations that aren’t capable of protecting their customers data. For example, North Carolina recently fined for a 2013 data breach, while the British ICO charged TalkTalk with $400,000 for leaking data for 150,000 customers.
Once the EU GDPR regulations kick into action, the fines can reach a whopping 4% of a company’s turnover.
Almost all the data of an organization passes through the hands of employees. Data integrity verification always falls on their shoulders first, so any security policy has to start with them.
For one, credential sharing between employees should be strictly controlled on a need to know basis. This prevents employees with attribution in one field (such as quality assurance) to access and modify data from colleagues in unrelated fields (such as sales).
If employees need to share accounts as part of their work duties, . These allow the sharing of account login information, but without actually revealing the password used to access the account.
Secondly, employees need to be vigilant, and properly identify when something is out of place. There are numerous signs of hacking, but many of them are silent and easy to miss. Changed passwords, missing files, logins at strange hours, file modifications that cannot be accounted for, are all signs of a hacking.
Fortunately, there are a lot of resources to go around when it comes to employee education, such as:
For the uninitiated, encryption is the go-to cybersecurity measure, but it is only efficient in certain cases, and comes with a performance cost.
By encrypting the information in the database, whoever gets their hands on the files cannot access them without the decryption key.
