Do You Know Who Has Access to Your Data?
In the normal course of business, we leave digital footprints wherever we go. This can include basic information, such as name and email address or more sensitive details, such as credit card numbers that are saved in online shopping carts.

Businesses can multiply their digital footprints by the number of employees they have and apps or vendors they use or have used on a regular basis.

How many vendors have you worked with in the past? How many online services have you tried out? How about your website? When was the last time you performed a thorough review of your accounts?

When you start thinking about all the information that could be out there about your business, you begin to see why an account review and policy for closing accounts is important for cybersecurity.

The Danger of Third-Party Data Breaches

So, what’s wrong with having your data left in an application’s database from a trial if it’s a well-known company? Because even well-known and trustworthy companies aren’t immune from a data breach.

You don’t have to suffer a breach yourself to have your personally identifiable information (PII) or business data breached. A third-party data breach can happen anytime, and if you’ve left your data behind, there can be little you can do about it after the fact.

80% of data breaches expose customer PII.

It’s vital to put good “data cleanup” practices in place to ensure you and your team aren’t leaving behind too many breadcrumbs that can end up causing you a security nightmare in the future.

Considerations When Cleaning Up Your Data Footprint

When you approach an assessment of where any of your company’s sensitive data may be, you want to be methodical, and as you’re going through each potential area, come up with cybersecurity policies to prevent “leftover data” from accumulating as you move forward.

Trials of Cloud Software

When you trial a cloud software you can be entering all types of data into the company’s database, depending upon what that software can do. You may also be connecting other accounts to check integrations.

For example, if you’re trialing a CRM, you may connect your email accounts and social media accounts. Later, you may choose not to use the software, but what happens to those connection passwords and authorization keys?

When doing any trial, you should do the following if you choose not to continue with the software:

  • Before the trial is over, delete any data from the system.
  • Delete any payment information or email accounts you’ve added.
  • Disconnect any integrations you’ve connected to other apps.

Cloud Software That You’re No Longer Using

Companies churn through approximately 30% of their cloud apps per year. That’s a lot of leftover sensitive data if you haven’t properly deactivated your accounts.

For example, you could have sensitive financial information and bank account connections left in an accounting app. If you plan to switch to a different CRM, you could be leaving behind customer PII.

When you’re planning to leave an app, usually the vendor will still keep your data in their system for a certain period of time, in case you change your mind and come back. But it’s better to handle this a different way.

What you should do is a full export of your data from the application as well as cloud backup designed for SaaS tools. Some backup systems, such as those for Microsoft 365, can capture everything in the platform and then restore it later if needed.

Once you have confirmed you have a backup of all your information, have your data purged from the system, along with payment cards, emails, and integration connections, before you deactivate the account.

Website Plugins & Vendors

Another area you want to consider is your website. Your site’s database can hold a lot of information, especially if you have an e-commerce site. Make sure you are working with reliable vendors/developers and only use plugins with a good reputation, so you’re not left at risk.

Some things to confirm before you end a relationship with a vendor that you’ve either used for hosting or working on your website include:

  • Confirm that any mirrors/backups they have of your site are deleted
  • Change any access passwords they used
  • If changing webhosts, do not use the same FTP username/login as you did with the other host
  • For plugins, make sure they’re properly disconnected, deactivated, and removed (don’t just turn them off)

Shadow IT (Apps Employees Use Without Permission)

Shadow IT can be a big security problem for companies because it means their data is out there in applications they don’t know about.

Employees typically start using apps on their own innocently enough, not realizing they’re putting company data at risk by using an unauthorized app.

Speak with employees about the apps they use to uncover any uses of shadow IT. Then evaluate those apps to see if you want to formally approve them, and if not, export and then delete data and deactivate the accounts.

Get Help Protecting Your Online Data

Data First Solutions can help your GTA business with an audit of where your data may be and an action plan to protect it now and in the future.

Contact us today to book a free IT assessment. Call 416-412-0576 or book your assessment online.