GovDefenders Wednesdays: What is Zombie Data?
Cybersecurity Wednesdays is a series exploring the world of public sector cybersecurity. We introducing concepts, offer opinions, provide resources, and identify ways to protect your agency.
Vampire Data is a concept recently coined by Kroll Advisory Solutions. They describe it as “any data that can’t seem to be killed, but comes back to drain the life out of the organization.” I agree with the idea, but think a more relevant name is “Zombie Data”.
Zombie Data is old, forgotten data you think you’ve disposed of, but haven’t, coming back “from the dead” when a hacker finds it. And unfortunately, in the digital age, these zombies are not the slow limping version; they’re the 21st century, adrenaline-fused kind.
Zombie Data is not new. Fifty years ago it was equivalent to someone taking notes during a meeting, throwing them away afterward, then having a spy find the sensitive information in the trash and using it against your agency.
Today, Zombie Data is throwing documents into your desktop trash, but not emptying it; leaving data on hard drives or thumb drives you have lying around; and/or accidently uploading unknown information to your cloud. These files have a tendency to lie forgotten and dormant leaving you unprotected and more vulnerable and far easier to hack.
Kroll recommends two methods to prevent Zombie Data:
- Take yearly data inventories to locate lost documents
- Provide employees with data handling training
There are also Zombie Computers in case you were wondering.