Panama Papers Highlight Security Gaps


As much as analytics has given us some unique insights into the world through its collation of all sorts of data, as Spiderman's doomed uncle once told us, “With great power, comes great responsibility.”

Credit: Pixabay
Credit: Pixabay

That goes doubly so for analytics, because the power that analytics has is derived from someone else's data. That makes the analytics firm that has access to it just as, if not more responsible for it, since it's their expertise that is being brought to bear on another firm's private, confidential and even secretive information.

While you might be confident about the security at your firm, the practices you have in place and the oversight you have from dedicated digital security professionals, it's worth considering that there is always a way for information to leak. Whether it's through straight-up hacking, social engineering or in the case of Edward Snowden or the Panama Papers' leaks, simply because an employee decides they've had enough with what's going on and want to burn it all down.

Of course we wouldn't suggest that anything your company is up to is worthy of the leaks that took place in those cases, but it's certainly worth bearing in mind. Both the NSA and Mossack Fonseca are enormous entities, with many employees and workers, a number of which are employed specifically for their expertise in protecting digital assets.

Yet that didn't stop the information getting out.

The same can be said for cases where the information wasn't leaked for moral reasons. The White House Personnel Management systems were hacked in 2015 and so were Ashley Madison servers, revealing the personal data of millions.

Then there is the ever-present threat of foreign hackers.

While that sort of scandalous and personal information is unlikely to crop up in your average data silo, the more we are able to do with data, the more meaning we are able to extrapolate from the mountains of information companies are collecting, the higher value nefarious individuals will place on it.

So what can we do to mitigate those sorts of attacks?

Starting from the ground up by making sure that all employees are aware of important security information is perhaps the most important. Not trusting email or messaging attachments, using strong passwords, and requiring multiple layers of authentication before giving an unknown person information are a great place to start.

On a more technical level, encryption is important. While uninformed politicians may continue to paint it as a tool for criminals, in reality it can often be the best tool to combat stolen data. Applying a strong encryption level to as much as possible, especially when data is being stored rather than actively analysed, can go a long way to preventing major leaks from being catastrophic.

Considering the success some major tech firms have had with the practice, bug bounties could be a viable option too. At the very least, if you offer a reward for anyone finding bugs in your system, they're less likely to sell it someone who isn't as concerned with protecting your customers as you are.

What are some of the key moves you think analytics firms can make to maintain the security of their data and the trust of their customers?

Jon Martindale, Technology Journalist

Jon Martindale is a technology journalist and hardware reviewer, having been covering new developments in the field for most of his professional career. In that time he's tested the latest and greatest releases from the big hardware companies of the world, as well as writing about new software releases, industry movements,and Internet activism.

Brexit Negotiations Drive Analytics Growth

Could Britain's exit from the EU drive a new wave of analytics investment and growth? Here's a closer look.

Vocal Commands Arrive for Analytics

Voice interfaces may give many more users access to self-service analytics. Here's a closer look.


Re: Trust
  • 5/26/2016 10:32:39 AM
NO RATINGS

Coincidentally I received a message from Linkedin this week that apparently was trying to minimize fears of everyone about their security break. They say in short, "don't worry" as they've handled it. But, they do suggest using the two factor security they offer. But, even with reassuring words, It's still an anxiety provoking situation for many.

Beyond password Valhalla
  • 5/23/2016 10:21:45 PM
NO RATINGS

..

There's a vast beehive of research under way focused on replacing the lowly password with some other less vulnerable means of ID and authorization. 

A few possibilities are described in an article I came across titled «The Future of Passwords Isn't Just Biometric, It's Behavioral». As this recounts, coming soon to a PC, mobile device, or ATM near you may be a requirement to walk, talk, or blink to gain access.

 

Re: Trust
  • 5/22/2016 5:24:59 PM
NO RATINGS

I like that idea for passwords. It might cut my list of logons and passwords from four pages down to two.

Re: Trust
  • 5/21/2016 9:49:25 AM
NO RATINGS

@ PredicatableChaos - Remembering all those passwords can be a challange.  I've decided that instead of memorizing all those passcodes I came up with a formula that is based on the type and name of the website that I can figure out by looking at the site.  That way every passcode is unique and I don't have to memorize them.

Re: Trust
  • 5/20/2016 7:46:54 PM
NO RATINGS

How many passwords can the average person set, protect and track?

I have about 110+ systems, sites or password levels that I'm supposed to manage.

In the last week, I've learned of major data breaches at LinkedIn, and various email sites. So several of my passwords have just been reset.

We need to get past passwords to something else. Like 2nd factor identification, or some type of biometric ID check.  And once we take those steps, the bad guys will raise their game too.

@Seth - could the sponge holder have simply fallen off? Doesn't really seem like something anybody would need to steal.

Re: Trust
  • 5/19/2016 11:44:13 AM
NO RATINGS

It might be down to getting employees with access the feeling that they are a valuable part of the team, and security is so important that they won't be tempted to overtly or inadvertently lead to leaks and security issues. It seems that the "disgruntled" person or someone who's not completely comfortable with company or agency agenda is going to be the likely leak.

Re: Trust
  • 5/18/2016 8:52:33 PM
NO RATINGS

@ Lyndon,  I was going to add that but as you say the motives are infinite and I figured that was enough.   Today at work I think someone stole the sponge holder in the sink.  Something than can be bought for just a few dollars. Oh why or why? 

Regarding the Panama Papers, I was pleasantly surprised to learn that revelatively few U.S. Americans were on the list and I believe no U.S. politicians were on the list. Correct me if I'm wrong. 

Re: Trust
  • 5/18/2016 11:23:54 AM
NO RATINGS

..

Seth writes "Eventually there is always going to be an angry employee or someone who believes what they are doing is morally justified."

Or an employee who can fatten his or her bank balance by selling proprietary data/information to a competitor.

The motivations and opportunities for appropriation of private data may be infinite...

 

Re: Trust
  • 5/18/2016 8:17:34 AM
NO RATINGS

Maybe the data should be spread over multiple silos the make it difficut to aggregate and copy. Somehow the whole process of copying the information so it can be removed needs to be monitored so leaks can be stopped.

Trust
  • 5/18/2016 3:57:00 AM
NO RATINGS

It seems that it's a constant conflict where we want companies to eliminate silos and share data and also make data more difficult to steal and the two don't go hand in hand. Eventually there is always going to be an angry employee or someone who believes what they are doing is morally justified.

For me, what helps me trust a company more is by not trusting them in the first place.  I store store my credit card info for future use.  I check my credit report once a week.  I trust companies only just enough to get the job done.  I expect that my data is going to be stolen and try to minimize it rather than be upset when it happens.

INFORMATION RESOURCES
ANALYTICS IN ACTION
CARTERTOONS
VIEW ALL +
QUICK POLL
VIEW ALL +