Numerical Insights LLC


5 Ways to Better Protect Your Confidential Data

Data breaches are in the news every day, especially the large-scale ones that occur at retailers and financial institutions. But did you know that most data breaches are the result of employees accidentally exposing sensitive data? These unintentional actions can have substantial consequences.

Every year, I receive sensitive information in email that the sender did not intend me to see. So far, the information hasn’t been crucially sensitive, but these events point out how easy it is for employees to send out confidential information. In all of these cases, the person forwarded an email from a colleague without being aware of the full content of the email text. I recommend the following:

  • Scroll all the way down your email before you forward it.

  • Open all attachments in the email you are composing to ensure you’re sending the correct files.

Given that many of us in the analytics world deal with sensitive and confidential data every day, this article provides five ways to better protect your confidential data.


1.  Carefully Consider Who Needs Access to the Data

I work with a large number of companies and have seen the full range of data access levels. I’ve experienced environments that are so restrictive on data access that it almost paralyzes the ability to conduct any analytical studies at all. At the opposite extreme, I’ve heard of environments where access to data is so free-flowing that it’s quite concerning. Only luck will prevent a leak of confidential data in such an environment.

It is, therefore, vitally important to review the type of data you have in your company and to determine which information is the most crucial to protect. With that list in hand, determine which employees have a legitimate business reason to access that confidential information. Train those employees on your established processes for protecting that data.

For customers and suppliers who need access to confidential data, ensure that a non-disclosure agreement (NDA) is in place and that they also receive training on protecting your data and secure methods for data transfer.


2.  Consider Who Needs to See Your Analyses

After you conducted your analysis, where did the results go? Did you email the results to six executives for review? Did they each forward the analysis to three of their managers? Their entire team? You don’t really know, do you? 

Sending out the results of a confidential analysis as an email attachment gives you little control over how far that information spreads throughout your employee base and possibly to external sources. Consider the following ideas to better control access to those results.

First, determine the list of people that have legitimate business reasons to see the results. Upload the analysis results to a file storage location where you can control who can log in to that location. Send a link to the file location in an email instead of using attachments. If this email gets forwarded, only those with permission to access the file location will see anything when they click the link.

There are also several features of email programs that you can leverage. Almost all email programs have a feature where you can prevent someone from “forwarding” your email. This shouldn’t be considered an alternative to secure file storage but rather a nice added feature. (Note: You can also disable “reply-all” when you need to email large numbers of people for feedback so their email doesn’t explode with everyone’s responses…but I digress from my point.)


3.  Remove Sensitive Data that Isn’t Crucial to Your Analysis

In the analytics world, we greatly appreciate receiving data sets with a convenient, unique identifier. It is this unique identifier that allows us to put together two different data sets for a more comprehensive analysis. 

When it comes to analyzing HR data, this unique identifier is often the “employee number.” As an example, when we have our employee list with job title coming from one system and we have our employees’ performance review scores coming from another system, we would use the employee numbers to match each performance score to the correct employee. 

Now, suppose the reason we’re doing this study is that someone wants to get an idea of the amount of variation in these scores by location, by department, etc. I’ve picked an incredibly simple example here since the purpose of what’s being studied is irrelevant to the point I want to make. 

We needed the employee’s ID number to be able to match our two data sets together, but the employee ID number is not needed beyond that activity. It’s irrelevant to the study. So, to protect the privacy of your employees, consider removing the employee ID number from your data (after merging your two data sources) to ensure it will not be visible to the people viewing the study results. Remember that tools like Excel pivot tables and Tableau dashboards allow people to reveal the underlying data even though it may not be displayed on the charts and dashboards you provided.

If you feel that you really need to keep a unique identifier because you may have to refresh the data later, then map the unique employee ID number over to a series of “meaningless” unique numbers (1, 2, 3, …) that don’t identify anyone. You can keep this mapping separate from the data you send out, and keep it separate from the analysis results. This way, employee IDs are protected but you still maintain the full analytical functionality you need to revisit this study in the future. This concept works well when you’re trying to protect customer and supplier numbers too.
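The merge-then-pseudonymize procedure described above, written out as an added Python example (this is not code from the original post). The two extracts and their employee numbers are constructed sample data, and `subject_id` is an assumed name for the surrogate column.

```python
import csv
import io
import secrets

# Constructed sample extracts (not real data): the employee list from the HR
# system and review scores from the performance system, keyed on employee number.
HR_EXTRACT = """employee_id,job_title,location,department
10412,Analyst,Chicago,Finance
10587,Engineer,Denver,Product
10603,Analyst,Chicago,Finance
10991,Manager,Denver,Product
"""
REVIEW_EXTRACT = """employee_id,review_score
10603,4.2
10412,3.8
10991,4.5
10587,3.1
"""

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def merge_on_employee_id(hr_rows, review_rows):
    """Inner join on employee_id: the only step that needs the real ID."""
    scores = {r["employee_id"]: r["review_score"] for r in review_rows}
    return [dict(r, review_score=scores[r["employee_id"]])
            for r in hr_rows if r["employee_id"] in scores]

def pseudonymize(merged_rows):
    """Drop employee_id and add a meaningless surrogate key (1..n) instead.
    Returns (analysis_rows, mapping); the mapping is the only way back to a real
    employee number, so store it apart from both the data and the results.
    Surrogates are shuffled so they do not mirror sequential employee numbers."""
    ids = [r["employee_id"] for r in merged_rows]
    surrogates = list(range(1, len(ids) + 1))
    secrets.SystemRandom().shuffle(surrogates)
    mapping = dict(zip(ids, surrogates))
    analysis_rows = [dict({k: v for k, v in r.items() if k != "employee_id"},
                          subject_id=mapping[r["employee_id"]]) for r in merged_rows]
    return analysis_rows, mapping

def refresh_scores(analysis_rows, mapping, new_review_rows):
    """Later refresh: pull new scores in through the mapping without putting the
    real employee number back into the analysis data."""
    new = {mapping[r["employee_id"]]: r["review_score"]
           for r in new_review_rows if r["employee_id"] in mapping}
    return [dict(r, review_score=new.get(r["subject_id"], r["review_score"]))
            for r in analysis_rows]
```

Calling `pseudonymize(merge_on_employee_id(load_rows(HR_EXTRACT), load_rows(REVIEW_EXTRACT)))` returns the rows to share and the mapping to keep separately; `refresh_scores` shows the later refresh working through that mapping alone.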


4.  Restrict the Ways that Data Can be Transferred

For this suggestion, a great relationship with your IT staff is helpful. Whether the data you are trying to protect is financial data, secret engineering product drawings or employee data, restricting the way your employees can transfer this data is crucial.

Whether your company is large or small, virtually every company must interact with a list of suppliers, customers, employees and contractors. Freely emailing confidential data to suppliers and customers is not secure. Every time you send an email, it passes across multiple networks and through multiple servers throughout the world. Any person with admin access to those servers can read your email. Any person with access to those networks can read your email.

It’s perfectly fine to send emails arranging conference calls etc., but when it comes to transferring confidential information such as product drawings and employee identification data, it is better to upload that information to a secure file sharing area. Your customer or supplier can retrieve the information from that location and you have control over adding and revoking access to data files.

An additional feature I’ve seen is configuring laptops such that data cannot be copied onto a USB drive, forcing employees to use the secure transfer methods established by their IT team.


5.  Use Representative Values

I received a call from an HR executive who works for a well-known hospital in the U.S. She was concerned because the Finance team asked her to provide a list of employees, their job titles and base salaries for a study they wished to conduct. She wanted to refuse the request because she was uncomfortable giving out data on employee salaries.

I suggested to her that we speak with the Finance team to understand the analysis they were trying to conduct in order to determine whether they truly needed exact salary values. What I had in mind was to replace the sensitive exact salary values with representative values, such as the mean of the salary band, instead. After speaking with the Finance team about what they were trying to accomplish, it turned out that exact values were not needed for them to answer their business question, and they were quite satisfied with receiving the data with representative values inserted.
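An added Python example (not from the original post) of the representative-value substitution just described. It assumes the midpoint of a fixed-width salary band as the representative value, and goes one step beyond the text by flagging bands so thin that the "representative" value still pins down one person's pay. The employee list, titles and salaries are constructed sample data.

```python
from collections import Counter

# Constructed sample HR extract (not real data): one row per employee with
# job title and exact base salary, the two fields the Finance request asked for.
EMPLOYEES = [
    {"employee_id": "10412", "job_title": "Analyst", "base_salary": 62500},
    {"employee_id": "10603", "job_title": "Analyst", "base_salary": 67200},
    {"employee_id": "10587", "job_title": "Engineer", "base_salary": 98400},
    {"employee_id": "10721", "job_title": "Engineer", "base_salary": 94100},
    {"employee_id": "10991", "job_title": "Manager", "base_salary": 131000},
]


def band_lower_edge(salary, width):
    """Lower edge of the fixed-width band [lo, lo + width) that holds this salary."""
    return (salary // width) * width


def representative_value(salary, width):
    """Band midpoint, used here (an assumption) as the representative value for the band."""
    return band_lower_edge(salary, width) + width / 2


def to_representative(rows, width):
    """Copy of the rows with the exact salary (and the employee number) replaced
    by a band label and the band's representative value."""
    out = []
    for r in rows:
        lo = band_lower_edge(r["base_salary"], width)
        out.append({
            "job_title": r["job_title"],
            "salary_band": f"{lo}-{lo + width - 1}",
            "representative_salary": representative_value(r["base_salary"], width),
        })
    return out


def thin_bands(rows, width, min_size):
    """Bands with fewer than min_size employees. A band holding one person still
    reveals that person's pay to within the band width, so widen the bands
    (or group job titles) before releasing the data."""
    counts = Counter(band_lower_edge(r["base_salary"], width) for r in rows)
    return sorted(lo for lo, n in counts.items() if n < min_size)


if __name__ == "__main__":
    for row in to_representative(EMPLOYEES, 10000):
        print(row)
    print("bands too thin to release:", thin_bands(EMPLOYEES, 10000, 2))
```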

The above situation speaks to the importance of understanding data and analysis requests that come into your department rather than receiving what I will call a “blind request.” In this particular case, understanding the request allowed HR to serve its internal customer well while protecting the privacy of its employees.
