The high-profile security events of the past year have been mainly centered on theft or unauthorized access of data, with data being held for ransom or sold to the highest bidder on the black market. Organizations must continue to focus on building strong defenses, but if finding protected data is the goal for attackers, organizations need to be aware of the threats associated with integrity.
You may have the most current intrusion detection and prevention technology, but if your critical data is altered, and you have no way of knowing how, when and by whom changes were made, this may have a major impact on your reputation and ability to operate.
Data integrity concerns the validity and trustworthiness of the data; the accuracy and completeness of the information; and the methods used to process and manage it. Clean and complete data allows us to make intelligent business decisions. Bad and incomplete data can significantly reduce the success of organization.
But data integrity issues are not always easily detectable. As we have moved away from hard-copy record-keeping, detecting data manipulation becomes more difficult. If we don’t have appropriate controls in place to prevent changes to the records we rely on for both day-to-day operations and for compliance reporting, then we could be in serious trouble!
If you are a healthcare institution, any unauthorized changes to patient records could literally put the lives of patients at risk. Changes to diagnoses, medical history and medication records could be disastrous.
If you are a financial institution or a public company, even small, unauthorized changes in data could create major problems, especially if the data forms are part of a report to shareholders or filings with regulatory bodies.
For Catskill Hudson Bank in New York, network bandwidth and connectivity play a big role in keeping data intact. “Our ability to use myriad monitoring and security tools is only due to our IT infrastructure that is based on Spectrum Enterprise’s service,” says Kevin McLaren, the bank’s executive vice president. “Without that bandwidth and the connectivity, we would be unable to meet the ever-increasing demands for data security, which is of utmost importance to the bank, to our clients, and from a regulatory perspective.”
Think about the impact of human resources data and systems being compromised—unauthorized changes could seriously affect reorganizations, onboarding, talent movement, payroll updates and more.
If you are in the travel industry, ensuring the integrity of schedules, from traveler information to engine maintenance, is critical to operations—imagine the chaos that could ensue—and maintaining brand reputation.
It is important to be aware of the different ways data integrity can be compromised and what steps can be taken to reduce the risk, but and also to be able to recover, should a breach occur.
First, let’s look at the ways data integrity can be compromised:
Now, let’s examine ways to minimize these threats to data integrity:
Ultimately, data integrity starts and ends with culture.
Organizations with a strong stance on data integrity typically have a culture that is committed to quality and compliance. This culture starts with the executive leadership and is reinforced by the “top-down” commitment to values, processes and clearly communicated management philosophies. In these organizations, everyone is held to the highest level of accountability with a zero-tolerance policy for fraud. Compliance and quality are prioritized above speed and cost.
These organizations provide training and awareness programs to teach staff how to manage data and recognize red flags. Incentive programs may also be a good way to challenge and encourage employees to focus on quality of work and data security. This also should be extended to all parts of the supply chain to ensure everyone understands the rules and why they are important.
Connect with our experts.
In the next article, we will tackle the final part of the security triad: loss of availability. We’ll go over the threats to keeping your systems up and operational and what you can do to minimize the risk and the cost of downtime.