Telstra – What Happens When Archival Data Goes AWOL on the Internet

Telstra leak from Sydney Morning Herald

Commenting on the latest data leak of customers’ information from Australian telecoms giant Telstra – with personal details of thousands of customers searchable on the Internet – Varonis, data governance software specialist, says this appears to be an all-too-common case of an organisation losing track of what is happening with all of its data at all times.

According to David Gibson, VP with Varonis: “Spreadsheets are used every day to analyse information that’s stored in a database.  People export a group of records, and then sort, search, pivot, and analyse. Organisations need to understand where these spreadsheets are stored and what they contain, make sure only the right people have access to them, and monitor who is using them. This is more easily achieved than it has ever been, due to the availability of automation software that identifies sensitive data that is accessible to too many people, audits its use, and flags potential abuse.”

For most companies, about 70% of information is stored in unstructured file formats.  Such files can be thought of as the gateway to the brain—they are the first place you record a thought or an idea, and they are the intermediaries between people and databases as usually data is exported into a spreadsheet to analyse it.

“Spreadsheets are created constantly by many employees, and often contain high-value information – which is what this latest leak of data from Telstra appears to center around. They are not easily trackable without automation. It’s better to find them and make sure they are protected before they turn up online,” he said.

“In a survey we conducted, we found that senior management in 67% of organisations do not know where all their company data resides. We also found that 74% of organisations reported that they do not have a process for tracking which files have been placed on third-party cloud digital collaboration and storage services,” he added. The survey’s findings are detailed here: http://bit.ly/17yLkgC

In Varonis’ in-depth reports, says Gibson, researchers found that only 39% of organizations use automation to identify sensitive data, and only 9% of respondents’ companies have a process in place for authorising and reviewing access to cloud repositories in place, with another 23% still developing their access policies.

“I’m sure that Telstra has mounted a full investigation into what exactly happened with this latest client data leak. The good news is that the telco quickly took the files offline after being notified. This is a classic lesson to all businesses what can happen when archival data goes AWOL on the Internet,” he added.

David Gibson’s tips for secure collaboration are:

  • Create an inventory of your most used collaboration platforms to get an overview where data lives, who has access to it, and who is using it.
  • Identify data owners for each data set and have owners perform a preliminary entitlement review to see if data is stored in the right place and if the right people have access to it.
  • Remediate any exposures, such as data that is accessible to too many people or regulated/sensitive content that is stored in the wrong place.
  • Monitor access to all data – this will help easily identity data owners and identify unused data and abuse.
  • Put a process into place that provides secure collaboration for remote employees – including synchronization, mobile device support and extranet functionality – that works within the existing enterprise servers and infrastructure.

For more on Varonis: www.varonis.com

Speak Your Mind

This site uses Akismet to reduce spam. Learn how your comment data is processed.