GhostVolt Blog

Sign up for the latest articles on data security, cyberthreats, data compliance and privacy.

Back to Blog

Stale Data: Your Invisible Cyber Security Threat

How to identify and delete forgotten data security targets in your organisation.

Guest author Amanda Johnson By Amanda Johnson| March 27 2019

Vulnerable company data in a set of unlocked filing cabinets.

First off, let’s make sure we’re all on the same page about what stale data is. Stale data is information no longer needed for daily operations—your employee handbook from ten years ago, the 32 different versions of a former salesperson’s favorite pitch deck, etc. It is estimated that more than 50% of a company’s data is actually stale, and 85% of companies have more than 100,000 folders that contain stale data.

You might be wondering what the big deal is; well, I’ll tell you. A substantial quantity of stale and/or inactive data inflates costs and increases security risks with little to no value in return. In order to reduce risk, it’s important to identify stale data and determine what can be moved, archived, or deleted. Subsequently, you need to establish a consistent policy to manage stale data moving forward. Potential cybercriminals are on the lookout for stale (or unsecured) folders as soon as they land on a network. This stale data doesn’t just include Bob’s 32 pitch decks, though; it can also include sensitive information about former or current employees, customers, projects and more. In fact, 3 out of 4 companies have more than 1,000 stale sensitive files (Varonis Global Data Report).

Stale data can be expensive to store and manage and poses an increased (and unnecessary) security risk. While organizations typically focus on keeping attackers out, all too frequently, the data itself remains largely accessible and unmonitored. That’s akin to putting all your defenses and resources into building the strongest, highest castle walls, but leaving your most prized possessions spread out on the castle lawn. Or, in a slightly more timely reference, keeping too much stale data around would be like throwing all your old bank statements and unused credit card offers in a pile at the top of your street-side recycling bin—they may not be of use to you anymore, but they can absolutely hurt you if they get in the wrong person’s hands.

One of the ways to ensure that your company’s stale data isn’t a security hazard is to ensure that your data encryption tool is working both during data transit and while data is at rest. Encryption should always be standard for all stored data, regardless of whether or not it is deemed “important”. By using a data encryption solution, (such as GhostVolt) you can be absolutely certain that all of your data—including your stale data—is not only encrypted but restricted to essential personnel within your organization.

Smart Encryption Built for Teamwork

GhostVolt Business

Collaborate with always-on encryption, customise your team access permissions, meet regulatory compliance and take control with advanced reporting.

GhostVolt Solo free trial

Encrypt Stale Data

While there is really no reason not to encrypt all of an organizations’ data, it’s understandable that stale data can be seen as a less worrisome risk, one that can safely set aside while more urgent tasks are taken care of. But with modern encryption tools, stale or archived data can be made safe from bad actors with a single click. And the penalties for losing stale data are no less severe than for current data. At the same time, because archived data is used or accessed less frequently, the possibility that your older data will be stolen is much higher, since fewer eyes are on it, on a daily basis. You may not even know that your ‘retired’ data has been compromised until reports from outside your organization start flooding in. At that point you’ll suddenly realize how much can be gleaned from data you thought inconsequential.

Stale Data CAN be Used Against You

Still not sold on how stale data can be used against you (or your company)? Consider this: In the summer of 2018, stale data was successfully used in phishing and extortion campaigns by using a crafty twist on an old email scam. The message appears to have been sent from a hacker who’s compromised your computer and allegedly has some compromising information on your internet browsing habits. The email threatens to release all the lurid details to all your contacts (or everyone in your company—or worse all your customers!) unless you or your employer pay a Bitcoin ransom.

The new twist? The email now references a real password previously tied to the recipient’s email address, and maybe—to add another layer of believability—they have some high-level personal information about you (such as your address or your spouse’s name) or your company (such as the CIO’s name or the name of your department head) that they could find through a fairly simple internet search.

Alternatively, an industrious scammer could accomplish this scheme fairly simply by using a customer database from a freshly hacked website, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers could potentially latch onto this method as well.

While the majority of people wouldn’t fall for these types of emails, imagine how disconcerting it would be to find one of these in your Inbox with a current (or even former) password? Even worse, imagine if your company’s network was breached, and your customer’s data was at risk. The recovery from that alone could cost you untold dollars in “clean-up” efforts, not to mention to toll it could potentially take on your reputation.

Let’s go a step further. When your stale data is unprotected, it is also vulnerable to what I would consider a largely unforeseen risk: employees. Nearly 60% of security incidents are the result of insiders, with over 30% of the incidents resulting from errors — and almost 30% from misuse of data (The 2017 Verizon Data Breach Investigation Report). A nosy or spiteful insider could access old records or gather details about former clients or employees without anyone noticing. What they do with that data could range potentially cause irreparable damage.

To mitigate these risks, it is vital for you to studiously and regularly keep data access in check; not taking precautions not only opens the door to insider threats but invites them in for coffee. For example, when you create a new GhostVolt folder, a Folder Encryption Key is automatically created. These keys are used to encrypt all the files stored within a particular folder as well as to restrict access. Every folder within GhostVolt has a unique Folder Encryption Key, helping to keep your data protected while at rest.

How GhostVolt Can Help

GhostVolt is designed to be a platform for storing and collaborating on documents in a secure fashion. Data stored within GhostVolt is encrypted both at rest and in transit, meaning that even an attacker with access to your network can’t steal data without access to user’s passwords.

GhostVolt provides state-of-the-art collaboration tools with a focus on protecting your organization’s sensitive data. By providing a configurable and customizable solution for storing and managing your data on any server, GhostVolt provides you with complete control over your data.

Smart Encryption Built for Teamwork

GhostVolt Business

• Secure collaboration
• Custom user permissions
• Automated encryption
• Powerful reporting
• Data compliance
• Scales with your business
• ...and much more

GhostVolt Business free trial