‘Data integrity’ is a funny term – it sounds a bit like a character trait; there’s data with integrity, and then there’s malicious data that you just can’t trust. And really, that’s what it boils down to: how accurate and trustworthy is your data?
It’s important to distinguish ‘data integrity’ from ‘data security’. While data security refers to how well-protected your sensitive data is, data integrity is about how much you can trust it. You need to know that from beginning to end, the data stays reliable and consistent, even if it has to pass through several systems.
To have integrity, data has to be:
- Accessible. Accurate data needs to be easily accessed in the right places, at the right time.
- Traceable. Each touchpoint needs to be tracked accurately so that you can identify any red flags early.
- Reliable. Data has to be accurate and consistent in order to report on company goals.
Since organisations make data-driven decisions every day, achieving data integrity is crucial. Imagine making a decision that impacts the entire organisation based on incorrect figures. And yet, a report from KPMG found that 65% of C-Level executives don’t have a high level of trust in the way their organisation uses its data.
So, how do you achieve data integrity?
To achieve data integrity, you need to reduce the risk of:
- Human error
- Errors made during the transfer of data from one system to another
- Misconfigurations and security errors
- Threats caused by malicious intent (e.g., disgruntled staff, malware and cyber attacks)
- Compromised hardware.
Here are some steps you can take:
1. Validate data and input
Data coming from both known and unknown sources needs to be verified – whether it’s a user or another application. How do you know that it’s really that user or application that’s sending the data? Is the data accurate?
2. Remove duplicates
How many times have you left sensitive information in a document, on a spreadsheet, in an email or in shared folders? Then, when it needs to be referenced, you can’t remember which version is the most up to date – or where to find it!
3. Regularly back up your data
This is self-explanatory. Backing up your data regularly prevents permanent data loss. Just make sure your backups are also encrypted so that you don’t leave yourself open to a cyber attack.
4. Control access
To guarantee the data hasn’t been tampered with, you need to make sure only the right people have access to ita.
And don’t overlook physical access. Ameer Karim, VP and GM of Consumer IoT Security at Symantec, says that default passwords on printers are often never changed. This creates a weak link that hackers can exploit to penetrate the system. Cyber criminals can not only see the information being printed, but they can also use the access point to hack the wider network and uncover more sensitive information, including financial data (CeBIT 2018, ‘IoT Security for the Real World’).
Additionally, make sure that servers containing the most sensitive data are isolated and bolted to the floor or wall.
5. Have clear audit trails
Audit trails are essential in the case of a data breach. For your audit trail to work it needs to:
- Automatically track each event (create, delete, read, modified)
- Be tamper-proof
- Assign each event to the associated user
- Time-stamp each event
6. Audit vendors
Since your organisation is probably managing and storing data through a third-party vendor, you must make sure to audit vendors regularly. Ask them how they validate data to make it trustworthy.
7. Audit staff
Human error is often the cause of failure when it comes to data integrity. This is why it’s important to:
- Make sure that you continuously train the staff who manage your sensitive data, and keep records of that training
- Conduct internal audits to evaluate your controls and procedures.