Skip to main content

Data protection, and identifying vulnerabilities

If your business stores customer, client and employee data, you’re probably familiar with data protection. But how do you know if the way that you’re collecting and storing data is secure? First, you’ve got to figure out where your vulnerabilities are.

What does data vulnerability mean?

Data vulnerability is the term used to describe the weaknesses or mistakes in acquiring, storing or deleting data which has the potential to compromise your business; either through lack of confidentiality, or accessibility. It’s about looking at who has access to data, how they have access to it and what impact that could have on data protection.

Essentially, when you’re thinking about data vulnerability, you’re looking critically at your systems, and the ways that data could be vulnerable to being lost, destroyed, or shared. This is really important for businesses, because these vulnerabilities increase the risk of a data breach. 

A data breach can cost your company a lot of money from fines, recovery costs and security fixes. It can also result in customers and clients going elsewhere whilst your company recovers, and losing trust in your company when it’s back in business. 

How do I find out where the vulnerabilities are?

To start identifying data vulnerabilities, you need to look at the life cycle of your data. Data and ethics researcher Dr Gemma Galdon-Clavell explains that the life cycle of data has five stages, and it’s at these stages where we can identify vulnerabilities, ‘there are five moments of vulnerability in every data that gets into your system: the moment of collection, the moment of storage, the moment of sharing, the moment of analysis, and the moment of deletion. In those five moments, things can go wrong.’ 

Collection

This is how you acquire your data. It’s likely that you’re acquiring data in a lot of different ways; through online enquiries, over the phone, through orders and accounts, or inputting it manually. Remember, data protection applies to personal data; names, addresses, phone numbers - anything that could personally identify an individual. 

Storage

This is where you keep data once it has been collected. This doesn’t just mean the main place that you keep data, it’s everywhere that data is kept; which includes information sent over email, both in the attachments and the body of the email itself. Again, it’s likely that you’re storing data in a few different ways such as hard data (in paper files), on hard drives in devices such as computers and phones, and in the cloud.

Sharing

The next stage in the life cycle of data is sharing. This is the way that data is sent and received by people within your organisation and outside of your organisation. That’s everyone who has access to data, including contractors. If data is accessible to a person or business, then you are sharing data with that person or business.

Analysis

This is how data is analysed; when you’re running tests and hypotheses on data, and looking for patterns. This could be as simple as figuring out what email strategies work best, or who has clicked on a link on your website; but it’s important to know where your data is going during that process.

Deletion

Deletion is the moment that data is removed from your systems, but this stage also includes the point at which data is retained without any reason. This is called stale data; data which you no longer use within your business but is still stored somewhere on your systems, which is very attractive to hackers. 

What can I do to reduce data vulnerability?

Once you’ve looked at how you collect, store, share, analyse and delete data, you can use this information to identify data vulnerabilities. 

Primarily, look at your systems as a whole. How do you feel about the process of collection? What about the way that you’re sharing data; does it feel necessary? How much data are you retaining, and for what purpose? Remember, all the data that you collect and store should be there for a reason; if there isn’t a reason, you shouldn’t be storing it.

Your data vulnerabilities will be unique to your business; however, here are a few tips and tricks to get you started.

Collection

  • Only collect data that is absolutely necessary

  • Ensure that your systems for data collection is secure

Storage

  • Revoke employees access to data when it is not required

  • Use two factor authentication

Sharing

  • Implement a secure system for sharing data

  • Ensure data cannot be shared accidentally

Analysis

  • Revoke third party access to data when it is no longer required

  • Analyse data that is relevant and necessary

Deletion

  • Ensure data does not remain anywhere within your systems

  • Destroy data safely and securely

Is my data protected now?

Identifying data vulnerabilities in this way will help you to reduce the risk of data breaches. However, to understand exactly how secure your systems are, it’s worth bringing an IT support team on board. 

Our IT support engineers can go through your pre-existing security, and identify any vulnerabilities. We can then suggest improvements and amendments, and implement these for you. 

Worried about data vulnerabilities? Give us a call on 0191 482 044


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
As ever, the most patient, understanding and effective support one could ask for. Simon Stewart, Trinity Chambers

Based on 12075 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 09-October-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Living Wage employer
Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner