
Data Is Not the New Oil: It’s More Like Uranium

By Anand Prakash

In today’s digital world, data is the most critical enterprise asset. Data is required to run software, drive business intelligence, and deliver new functionality. Consequently, companies have tried to hoard as much data as possible. In fact, many have come to call data “the new oil.” This sentiment, however, is misleading. Data is not the new oil; it is the new uranium. While data is used for a variety of initiatives, it needs to be managed carefully. A cybersecurity risk is equivalent to nuclear fallout, which can lead to a meltdown or result in extraordinary costs to contain the damage. Given the increase in enforcement from regulators for various data privacy laws, it’s critical for organizations to exercise more caution in their handling of data.

The Importance of Handling Data with Care

It’s not so much that organizations look at data as being limitless. Instead, it’s a matter of companies wanting to stockpile data and monetize it in as many ways as possible to maximize the organization’s financial benefit from it. 

This can lead to too much data being stored within a single source and create situations where data frequently changes hands, resulting in more unwanted usage. Or, companies sometimes hoard too much data and venture into the business of selling it. These circumstances can lead to large-scale data breaches and data thefts. For example, Capital One experienced a data breach in 2023 that saw “troves of sensitive financial information leaked,” impacting more than 494,000 individuals. In 2022, Facebook owner Meta ultimately paid $725 million to settle legal action linked to political consultancy Cambridge Analytica’s use of millions of Facebook users’ data.

Comparing data to uranium is an accurate analogy. Uranium is radioactive and it is imperative to handle it carefully to avoid radiation exposure, the effects of which are linked to serious health and safety concerns. Issues with the deployment of uranium, such as in reactors, for instance, can lead to radioactive fallouts that are expensive to contain and have long-term health consequences for impacted individuals. The possibility of uranium being stolen poses significant risks and global repercussions.

Data exhibits similar characteristics. It is critical for it to be stored safely, and those who experience data theft are forced to deal with long-term consequences – identity theft and financial concerns, for example. An organization experiencing a cyberattack must deal with regulatory oversight and fines. In some cases, losing sensitive data can trigger significant global consequences. 

Best Practices for Preventing Breaches

Several recommended best practices are designed to help avoid these scenarios. For example, companies sometimes store unnecessary data that is irrelevant to their business and operations. For instance, the average retailer doesn’t need a customer’s home address or date of birth. When a breach occurs, there is higher exposure due to the theft of data that the company shouldn’t have had in the first place. 

End-to-end encryption is also recommended. In an end-to-end encryption solution, such as Apple’s iCloud or a password manager, only end users have encrypted access to their data. A breach won’t compromise the end user’s data if the organization doesn’t have access to unencrypted data. Many breaches occur because of a hack. Implementing best security practices on firewalls and access control, conducting regular software updates, and training employees can dramatically reduce the risk of hacks.

Maintaining a data chain of custody is paramount. Some companies allow all employees access to all records, which increases the surface area of a cyberattack, and compromised employees could lead to a data breach. Even a single compromised employee computer can lead to a more extensive hack. Consider the case of the nonprofit healthcare network Ascension, which operates 140 hospitals and 40 senior care facilities. In 2024, an employee downloaded a malicious file, allowing hackers access to the MyHealth records system. The breach forced the company to take critical systems offline, shut down phone lines, divert ambulances, close pharmacies, and resort to pen-and-paper tracking of patient information. The incident led to a $1.2 billion loss for the company. Limiting access to only those employees who need it to carry out their functions will reduce the risk of hacks.

It’s also imperative not to buy or sell sensitive data. Organizations sometimes buy sensitive data, including personal information, for targeting and marketing, or companies sell their data to other companies. Businesses can lose customer trust due to a data breach, and if they sell or buy data without permission, they might be breaking the law.  

In addition, it’s vital for organizations to hire talent that’s appropriately trained to manage security data. A large company might consider hiring a chief privacy officer to develop and implement data privacy best practices for all organizational functions. For a medium-sized or smaller firm, a chief information security officer can oversee the best security practices throughout the enterprise. Regular employee training on the most effective security and privacy practices is essential, and companies can consider hiring external consultants to acquire security certifications. 

Ensuring Secure Data

Today’s technology makes it relatively easy to encrypt data at rest. Companies can encrypt chunks of data with separate, access-controlled hardware keys held at the cloud providers, which are used to decrypt the data only when necessary. These hardware keys are frequently rotated and cannot be hacked. This does, however, require some basic security and cloud deployment expertise.
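The sketch below is an added example, not code from the article: it shows per-chunk encryption at rest with key rotation, using envelope encryption in Node.js. It assumes an in-process key-encryption key (KEK) standing in for the cloud provider’s hardware key; all function names and the sample records are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// seal: AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// open: throws if the key is wrong or the blob was altered.
function open(key, blob) {
  if (blob.length < 28) throw new Error('blob too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Each chunk gets its own data key; only the KEK-wrapped copy is stored.
function encryptChunk(kek, plaintext) {
  const dataKey = crypto.randomBytes(32);
  return { wrappedKey: seal(kek, dataKey), data: seal(dataKey, plaintext) };
}

// Unwrapping the data key is the step a cloud KMS/HSM would perform in production.
function decryptChunk(kek, chunk) {
  return open(open(kek, chunk.wrappedKey), chunk.data);
}

// Rotation re-wraps the 32-byte data key; the bulk ciphertext is not touched.
function rotate(oldKek, newKek, chunk) {
  return { wrappedKey: seal(newKek, open(oldKek, chunk.wrappedKey)), data: chunk.data };
}

// Constructed sample records (not from the article).
const kekV1 = crypto.randomBytes(32);
const kekV2 = crypto.randomBytes(32);
const stored = ['acct=1001;dob=1990-01-01', 'acct=1002;dob=1985-06-30']
  .map((r) => encryptChunk(kekV1, Buffer.from(r)));
const rotated = stored.map((c) => rotate(kekV1, kekV2, c));
console.log(decryptChunk(kekV2, rotated[0]).toString());
```

After rotation the old KEK no longer opens any chunk, and a leaked data key exposes one chunk rather than the whole store.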

Some organizations allow their encrypted data to be exported in an unencrypted format. If this data is breached, it’s difficult to know where and how it will travel. It’s recommended that an enterprise avoid keeping sensitive data in an unencrypted format and regularly monitor its infrastructure to ensure there are no unprotected endpoints. Limiting the processing of sensitive data to secure systems with strict firewalls can ensure that unencrypted data never leaves the system.

Such security measures aside, there will likely be an increase in hacks in the days ahead. Consider, for instance, that more than 2,700 data breaches and cyberattacks were publicly disclosed in the first half of 2024, with nearly seven billion known records breached. 

As such, companies will be forced to move to edge computing with end-to-end data encryption. AI-powered security tools play a meaningful role in securing infrastructure, and these technologies can increase data safety. Organizations that don’t have unencrypted access to their customers’ sensitive data dramatically reduce the risk of fallout. Customers’ data is decrypted only on their own devices, significantly reducing the surface area for attack. Along with relying on emerging technology, companies can take several routine steps to help ensure their data is secure, such as only storing data that is needed, encrypting data end-to-end, and deploying best security and privacy practices.