Abandoned files can destroy your business – interview

Published: 28 April 2023
Orphaned data interview
Shutterstock/Cybernews

Do you own a business? Do you hire loads of employees, but they come and go on a regular basis? Be careful: they usually leave a lot of stuff behind. The amount of this kind of orphaned data – without clear ownership or maintenance – can cause a lot of damage.

Layoffs are in vogue these days in the US, especially in the tech sector. Layoffs.fyi, a website that’s been monitoring tech layoffs since March 2020, has compiled data indicating that approximately 174,000 employees have been laid off by around 600 tech companies since the beginning of this year.

The firing spree is accompanied by the so-called Great Resignation. This term describes the record number of people leaving their jobs – over 50 million American workers voluntarily quit their positions in 2022, according to Job Openings and Labor Turnover Survey (JOLTS) data.

ADVERTISEMENT

This year, the trajectory doesn’t seem to be changing. Job switchers want pay increases, better work conditions, and just generally, something new.

Job openings are abundant, after all. US employers hired a record 76.4 million people and laid off the fewest on record, 16.8 million, in 2022, according to JOLTS data.

For companies and organizations, though, this level of employee turnover can easily turn into a nightmare.

In 2022, Cybernews already reported that firms that are losing workers also risk losing technology and digital assets. Corporate passwords can also be abused by ex-employees.

However, these workers also leave behind an enormous trove of dark data – information collected, processed, and stored during regular business activities, but not used for other purposes.

This is dangerous, says Datadobi, a company focusing on unstructured data management. It adds that the amount of such “orphaned data” is growing at an unprecedented rate – and creating multiple security, compliance, or reputational risks. Threat actors are ready to grab the chance and sow even more chaos.

We had a chat with Michael Jack, co-founder and chief revenue officer at Datadobi, and asked him to explain why abandoned files can go as far as destroying businesses. He also gave us some insights into ways that organizations can stay ahead of the curve.

A major and growing problem

ADVERTISEMENT

What kind of data are employees leaving behind the most – work-related or otherwise – such as torrents or logins to various entertainment platforms?

When employees leave a company, they may leave behind various types of data that pose risks to the company’s security and compliance. Some of the most concerning types of data include sensitive or confidential information, such as customer data, financial information, or trade secrets.

This type of data can be valuable to competitors or hackers and can result in significant financial or reputational damage if it falls into the wrong hands.

Another type of data that can pose a risk is outdated or unpatched software or systems. These can leave the company vulnerable to security breaches or other cyberattacks, especially if the former employee had access to privileged accounts or passwords.

In addition, employees may leave behind passwords or access credentials to various systems or applications, which can be used to gain unauthorized access to steal or manipulate data.

As you mentioned, torrents left behind by former employees can create several risks for their former company. One potential risk is legal liability for copyright infringement. Torrents are often used for the unauthorized sharing of copyrighted material, such as movies, music, or software.

torrents-data
Torrents left behind by former employees can create several risks for their former company. Image by Shutterstock.

If a former employee leaves behind torrents containing such content on their work device, it could lead to legal action against the company for facilitating or enabling the infringement.

Additionally, torrents can be used to distribute malware or other malicious software, which can compromise the security of the company’s systems and data.

This can be especially concerning if the former employee had access to sensitive information or privileged accounts. Finally, torrents can also consume significant amounts of bandwidth and other resources, potentially impacting the performance and availability of the company’s network or internet connection.

ADVERTISEMENT

What sort of data do threat actors find it easiest to steal or infect with malware? How is this orphaned data accumulated – is talent too cheap and lacking IT smarts in companies and organizations, especially smaller ones?

Threat actors may find it easiest to steal or infect data that is easily accessible or not properly secured. This can include data that’s stored in an unencrypted format, or data that is shared or transmitted over insecure channels, such as unsecured email or file transfer protocols.

Additionally, threat actors may target data that’s stored on vulnerable or outdated systems, such as legacy servers or software that’s no longer supported.

Orphaned data is a large and growing problem that has until recently been extremely difficult if not impossible to manage. And, while you ask if smaller organizations are feeling the pain more so than their enterprise counterparts, I would offer that oftentimes the opposite is true.

Orphaned data is often dispersed across various storage systems and locations, making it difficult to locate and manage. This can be especially challenging in large organizations with complex IT infrastructures, where orphaned data can be scattered across multiple departments, devices, and platforms.

"Threat actors may find it easiest to steal or infect data that is easily accessible or not properly secured."

Michael Jack, co-founder and chief revenue officer at Datadobi.

And orphaned data may not be clearly identified as such, which can make it difficult to determine who owns the data and what should be done with it. This can be particularly problematic if the data contains sensitive or confidential information, as there may be legal and regulatory requirements for how the data should be managed and disposed of.

Last but not least, managing orphaned data can be resource-intensive, requiring significant time and effort to identify, catalog, and dispose of the data in a secure and compliant manner.

And to your point, this can be especially challenging for organizations with limited IT resources or competing priorities.

Proactive steps essential

ADVERTISEMENT

What does the process of viruses spreading to orphaned data and hurting the company, or data leaking look like? Could you give a few examples of incidents related to the irresponsible management of orphaned data?

Viruses can spread to orphaned data and hurt a company in a number of ways. Orphaned data is data that’s no longer being used or managed and can often be forgotten or ignored by IT staff.

If this data is not properly secured, it can be vulnerable to malware and other cyberattacks. For example, a virus could infect a document that has been forgotten in an old folder or a backup system, and then spread to other systems on the network. This can cause significant damage to the company’s data, systems, and reputation.

Data leaks can also occur when orphaned data is not properly managed. If this data contains sensitive or confidential information, such as customer data or trade secrets, it can be a prime target for hackers or other malicious actors.

For example, a hacker could gain access to a forgotten report or presentation that contains customer information, and then sell this information on the dark web. This can result in significant financial and reputational damage to the company.

I would not describe any incidents that were a result of orphaned data being due to irresponsible management. Instead, I would say that prior to the launch of new data management software, such as StorageMAP (this is Datadobi’s product), IT professionals simply did not have the technology capabilities to deal with orphaned data. Now they do.

What does the correct practice of effective orphaned data management look like here? What can companies do about it?

To address the issue of orphaned data, organizations may need to implement data governance policies and procedures to ensure that all data is properly documented, stored, and maintained.

This might involve conducting regular data audits, assigning clear ownership and responsibility for data, and establishing guidelines for data creation and storage.

abandoned-files
Orphaned data is data that’s no longer being used or managed and can often be forgotten or ignored by IT staff. Image by Shutterstock.

The right software enables organizations to identify and manage orphaned data by providing visibility into unstructured data stored across the organization’s entire storage estate. By comparing the list of current employees with the data residing on the storage estate, it can identify all data that has no clear owner thereby enabling the company to take immediate and appropriate action.

ADVERTISEMENT

This action can include but is not limited to deleting, transferring ownership, or moving it to a more suitable environment.

A lot of companies also keep everything forever, so to speak. Which files or data is it best to keep, and which ones can be cleared to destroy? Legality surely matters in most cases, right?

Determining which files or data to keep and which ones to delete or destroy can be a complex process that depends on a variety of factors, including legal and regulatory requirements, as well as business needs.

As you pointed out, in many cases, companies are required by law to retain certain types of data for a specified period of time. Beyond legal and regulatory requirements, companies might also have business reasons for retaining certain types of data.

However, it’s important to balance the benefits of retaining data with the potential risks and costs associated with data storage and management.

In terms of data that can be safely deleted or destroyed, it’s generally recommended to dispose of data that’s no longer needed or has reached the end of its useful life. This can include outdated software, backups that are no longer needed, and data that is redundant or obsolete.

It’s also important to securely delete data that contains sensitive or confidential information, such as customer data or trade secrets, to prevent unauthorized access or data breaches.

Ultimately, determining which files or data to keep and which ones to delete or destroy should be guided by clear policies and procedures that consider legal and regulatory requirements, business needs, and best data retention practices.

It’s crucial to acknowledge that ignoring the risks associated with orphaned data is not a viable option. Failing to take necessary measures to effectively manage your data can put the safety, reputation, and financial stability of your business in jeopardy.

Therefore, it’s essential to take proactive steps toward data management and not wait until a potential crisis emerges, and it’s too late.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Nadella scoffs at AI giants as Microsoft may host China’s DeepSeek
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
Cloudflare gives AI agents temporary accounts to deploy websites without human logins
Developers giving attackers a free ride after hundreds of iPhone AI apps found exposing credentials
This tiny European country is pioneering digital ID for AI agents
Canadian lender TD tells some employees it will use software to monitor their work
ADVERTISEMENT