• 8 hours
  • Easy
License

Free online content available in this course.

course.header.alt.is_video

course.header.alt.is_certifying

Got it!

Last updated on 2/9/22

Protect Your Company’s Sensitive Data

Be Aware of the Risks Linked to Data Loss 

On July 12, 2015, employees at Ashley Madison, an online dating site for married people with the slogan “Life is short. Have an affair,” :waw: got a nasty surprise on starting up their computers after arriving at work. “Thunderstruck” by AC/DC blared from their speakers while a message flashed up on their screens ordering them to close down the website within 30 days or face mass publication of client and employee data.

They had fallen victim to a cyberattack by a group of hackers accusing the company of immorality and lying, while claiming to fully protect client data. 30 days later, the company had not closed down its website and was running an investigation into the alleged data theft with the help of the police and cybersecurity consultants.

So, on August 18, 2015, the hackers took action by publishing 20 GB of confidential data over the next few days. The leaked information included employee data (identities, internal documents, emails from managers showing illegal tax evasion, and competitor hacking, etc.) and client data (compromising photos, sums of money spent on the platform, sexual preferences, and even credit card numbers that the company was not allowed to store on its database!).

Ultimately, the hackers revealed that they had been able to exploit weak password security. Indeed, the security audit carried out by consultants had revealed that a significant number of employees and users had their password set simply as “123456”. The end result: the company had to shell out over $30 million to users who had their data stolen, some of whom had suffered pretty serious consequences such as the hacking of their credit cards, discovery of their extramarital affairs, and blackmail, as their data was publicly available online.

Understand the Rules to Follow When Holding Sensitive Data 

If you plan to use sensitive data such as:

  • Personal data on customers or employees. 

  • Financial data (for publicly traded companies, in particular).

  • Confidential data on company operations.

in your project, be sure to abide by the following best practices

Security

  • Use secure passwords.

  • Have governance in place around data management. 

  • Regularly review authorization and access to data. 

  • Audit the compliance systems of providers and partners with access to your data. 

  • Encrypt sensitive data to limit access. 

  • Anonymize.

Storage

  • Do not keep data for longer than legally allowed (between two and five years depending on the data, according to General Data Protection Regulation, GDPR). 

  • As a rule, delete data you no longer need. 

Information

  • Informer users of their rights to consult and amend their data, as well as how their data will be used (operations, recipients, length of storage, etc.). 

  • Provide information about those in charge of data protection within your company. 

Identify Contact Points Within the Company

You must become familiar with the company’s key contact points for data management:

  • Information System Security Officer (ISSO): this is the company’s data security caretaker. This person often reports to senior management. 

  • Chief Data Officer (CDO): responsible for governance and processing of company data. Adds value by advising business departments on storage, processing, and data security.

  • Data Protection Officer (DPO): a required role under the General Data Protection Regulation (GDPR). This officer has a legal role and helps map internal data, raise awareness of best practices, and carries out data-management audits. 

Let’s imagine that you work as a data analyst in a rental car company. You’ve asked your colleague from the sales department, Juan, to send you a list of the company’s biggest clients to work out whether they might be interested in a new service: a monthly subscription for unlimited car rentals (wow!).

As the file is too large to send as an email attachment, he suggests sending it to you using a free, online file-transfer service.

What do you risk happening if client data is stolen during this transfer? 😱

  • Answer A: Being told off by the company ISSO. 

  • Answer B: Losing the company’s biggest clients and a long-term negative impact on the company image. 

  • Answer C: A fine of 4% of turnover, or €20 million. 

As you might have predicted, the correct answers are A, B, and C! 

Let’s Recap!

  • Poor employee practice is linked to 88% of data loss in companies targeted by cyber attacks. 

  • Informing users of how their data will be used, securing data, and deleting data you no longer need are all examples of essential best practice that must be followed. 

  • You must inform your CDO and DPO about how you will use data in your projects. 

  • Loss of personal data may lead to your company being fined 20 million Euros. 

In the next chapter, we’ll start work on our practical example that you’ll follow right through to the end of the course, helping you progress step-by-step! 

Example of certificate of achievement
Example of certificate of achievement