“No computer is safe.” Or, at least, not in the eyes of US President, Donald Trump. At his first New Year’s Eve reception in his new role, the Commander-in-Chief suggested that the only truly effective means of protection against hackers and prying eyes is to maintain a massive air gap.
So is there some truth in what the President is saying? Is it a case of offline equals ‘good’ and online equals ‘bad’ when it comes to data security?
We take a look at the evidence…
Couriers v Computers
The President went on to advise that “If you have something really important, write it out and have it delivered by courier”. Whether you are a commander in the field or a CEO, this seems to suggest that the biggest risk of data theft you are faced with is that of having the information hacked from afar.
Quite apart from the logistical issues that such an approach would give rise to, (i.e. maintaining an army of minions to deliver messages for you), this also seems to assume that humans are more effective at delivering information safely and effectively than technology.
Increasing the element of human error
One only has to look at the latest statistics from the UK’s Information Commissioner's Office (ICO) to spot the flaws in this thinking. While businesses certainly need to be alive to the risks posed by hackers, it remains the case that human error is the single biggest cause of data breaches, accounting for almost two thirds (62%) of reported incidents.
Of these breaches, the majority occurred as a result of data being inadvertently sent to the wrong person (most often by post or fax). Loss and theft of paperwork was another major culprit - as was failure to properly dispose of hardware and paperwork.
Let’s say businesses were to adopt an ‘offline only’ approach to data transfer as a means of security risk mitigation. Can you ensure that data is reaching the right hands? If it doesn’t, what are your options - given that encryption is taken out of the equation? How is the logistical challenge of storing or disposing of physical data being dealt with at the other end? By taking the ‘nuclear’ option to deal with the risk of hackers, you are simply increasing your risks elsewhere.
The Cloud as dangerous territory: the facts…
If businesses and other organisations were to embrace the air gap, then this would inevitably mean a reversal of the huge take up in cloud service adoption rates. So would this mean that businesses would be any safer?
Quite the contrary. In reality, where businesses choose a reputable data storage cloud provider with strict security measures in place, security across their IT ‘ecosystem’’ is enhanced rather than reduced. Likewise with email (a live topic in the US election). In 2017, a fit-for-purpose cloud-based solution includes comprehensive anti-spam and anti-malware filters and secure, reliable archiving. It means that businesses can deal with ever-large quantities of email data - and do so in a way that is safer than ever before.
There’s also the issue of continuity in case something does go wrong. In reality, having a regular and reliable backup system from a cloud provider is actually on of the best ways of reducing both data loss and wider losses to any organisation.
Fears about data security are certainly valid - but rejecting everything “online” most certainly isn’t the way forward.