When companies think about risks to data, what often comes to mind is stolen customer data like personal health information, financial data, or Social Security numbers. However, in recent years, data integrity has come under attack with increasing frequency. A cyber-criminal doesn’t have to steal customer information to break the consumer’s trust in your company. In fact, editing and corrupting the accuracy of data might be an even more effective way to harm your bottom line and your customers at the same time.
Let’s talk about what data integrity is, how it comes under attack during a breach, and how to ensure data integrity as part of your security strategy.
DEFINING DATA INTEGRITY VS DATA QUALITY
Data integrity refers to the accuracy and consistency of data throughout its lifecycle at your business; both the current state of your data and the process you have in place to maintain its accuracy. What can get confusing is that data integrity and data quality overlap. Data quality is also concerned with the accuracy of data. We think of data quality as the foundation of data integrity, but not the limit. Yes, data must be complete, valid, and consistent to be useful to a business, but data integrity also relies on secure and real-time integration between different data technologies. If a customer updates their data through one portal, this must be applied to records across the organization.
Additional pillars of data integrity are location intelligence and other enrichments that not only add to the data’s usefulness but also make it easier to validate the security and “real-ness” of the data in the case of a breach.
In short, achieving data integrity may start with improvements in data quality, but other processes must be implemented to make data more useful and more secure.
WHY IS DATA INTEGRITY IMPORTANT?
To show the importance of data integrity, below are two data integrity examples where data has been manipulated in a breach.
- In 2016, the World Doping Agency suffered a data breach and the medical information of many famous athletes was released. However, further study revealed that this data was altered before it was leaked to destroy reputations and sway public opinion through misinformation.
- In 2008, the Brazilian government’s online logging permit system was hacked and the records falsified, allowing nearly 60 million cubic feet of the Amazon to be illegally cut down and smuggled.
These examples reveal two of the biggest risks of a data manipulation attack—misinformation and empowerment of illegal activity. There are other risks across different industries. For instance, in a healthcare setting, a breach of data integrity could lead to information being excluded from patient records, or false information included. In a financial setting, the personal information associated with an account could be changed, denying access to the true owner and putting their money in the hands of criminals. Lastly, in an IT setting, data manipulation could make it appear that information or activity came from different locations, and/or different times than it actually did.
Data integrity is important because, without it, companies assume that the information at their disposal is accurate and consistent, when in fact the opposite might be the case. In such situations, making the headlines of national news due to a data breach might be the best-case scenario. In the worst-case scenario, the data manipulation becomes evident only after consumers slowly but surely experience bad outcomes. On the flip side, the benefits of data integrity as both a state and a process include operating with more confidence and preserving the trust and well-being of your customers.
DATA INTEGRITY BEST PRACTICES
Here are some of the data integrity best practices that Moser Consulting helps our clients put in place:
- Maintain Data Backups: Data should always be backed up in an alternate location so that in the event of a system crash, breach, or other need for disaster recovery, databases and apps can be restored back to when the information was complete and accurate.
- Create Audit Trails: Audit trails are especially useful for ensuring compliance at businesses in highly regulated industries. These records document where data originally came from and how it has been edited or used throughout its lifecycle.
- Establish Access Controls: These features limit the potential for human error or malicious action by defining different privileges to view or edit data. Locks and login credential requirements make it more difficult for criminals to access your data from within or outside the organization.
- Automate Data Validation: A program can be developed to run its own validation rules that check for the correctness, security, and integrity of data even as it is put into the system.
- Define Input Validation: On the consumer side, input validation in fields ensures that only the expected information is entered into a form. This also includes PDFs where only certain fields are editable.
- Routine Data Appending: Datasets that are being developed in different silos must be aggregated and merged in real-time to reveal any discrepancies as fast as possible. This isn’t just essential for security, but also for customer service and experience.
- Process Enforced Policy: Having a data governance framework with policies, guidelines, and standards is important. However, you must implement processes to enforce the policy. Develop policy, Deploy Process, Drive Governance: this is part of our data governance framework.
Other moves that protect data integrity include removing duplicate data all the way up to identifying and patching emerging security risks. Implementing tools like error detection software can help with automating some of the more repetitive data integrity best practices, leaving the talented individuals on your team free to create and implement strategies and respond to threats.
Most organizations have integrity, or another synonym, as a core value. Data integrity can be greatly affected by a lack of integrity in people. We advocate that the context behind the content of our analytic products is important. Confidence is a byproduct of transparency in data and its processes, including why, how, and what we choose to communicate with analytics. Leaders must adopt personal integrity as a core value to not undermine consumers’ confidence level in data and analytic products.
BE CONFIDENT IN DATA INTEGRITY WITH MOSER CONSULTING
Data integrity processes are essential in having long-term confidence in your data, as well as earning trust from your customers. Data manipulation attacks are subversive and may take a long time to detect, sometimes only after tragic consequences manifest. At Moser Consulting we work as an advocate for our clients, defining our success by your success. For more than 20 years we have grown our cross-channel IT expertise in cloud services, enterprise data, application development, system administration, and more to help our clients achieve outstanding results.
Our Data & Analytics division provides consultancy, professional, and managed services in data, analytics, strategy, and governance.
We will help you move forward using secure, clean data, leveraged to its best advantage for your business. Contact us today to learn how it happens.