12 Common Data Security Bad Practices to Avoid

You might be falling for common data security pitfalls without even realizing it. Knowing which mistakes you’re making can help you enhance your defenses. Do you unintentionally use any of these bad practices?

1. Not Encrypting Data

Not encrypting your data in transit and at rest is a common bad practice. In fact, only 53% of organizations extensively leverage database encryption. Unencrypted traffic can be read or altered by anyone on the network path (a man-in-the-middle attack), and unencrypted storage is exposed the moment a disk, backup, or misconfigured cloud bucket leaks.

Naturally, the solution is to encrypt your data in transit and at rest. Even if it isn't sensitive, you should strive to make it unreadable to threat actors. Consider utilizing encryption for your storage systems, backups, and communications. Keep in mind that encryption only helps if the keys are kept apart from the data they protect: a key stored next to the backup it encrypts protects nothing, and an attacker who compromises an application that legitimately holds the key still reads the data.

2. Missing Updates

Every missed update leaves a known, often publicly documented, vulnerability in place. Since threat actors scan for and exploit unpatched systems routinely, you could make yourself a high-value target without even realizing it.

Your hardware, firmware, storage devices, and software should remain up to date at all times. Enable automatic updates where possible to streamline the process, and prioritize patches for vulnerabilities that are known to be exploited over those that are merely severe on paper. Consistent vulnerability patching can drastically improve your data security.

3. Using Default Credentials

If you're like most people, you don't bother to change default credentials or establish strict password policies. Default credentials are published in vendor manuals and built into attack tools, so a storage system, appliance, or database still using them can be taken over without any brute force at all. Even if you follow best practices, login details are often leaked or stolen.

Strong, unique credentials prevent account takeover, keeping threat actors from accessing sensitive data. Current guidance (NIST SP 800-63B) favors long passphrases managed with a password manager over short passwords, drops scheduled rotation in favor of rotating a credential as soon as it is known or suspected to be compromised, and pairs passwords with multi-factor authentication. Pay attention to relevant breach disclosures so you know when your credentials have leaked.


4. Deprioritizing Physical Security

Although physical and digital security are equally important, you probably prioritize the latter. If you're like many people, you secure your storage systems against remote threat actors and forget that an insider, or anyone who can walk up to a server, a drive, or an unlocked workstation, can cause a breach or steal sensitive information just as easily.

You should prioritize physical security as much as digital. Consider establishing strict access controls to prevent unauthorized attempts. Monitor and keep a record of whoever interacts with your storage systems to expedite the identification of potential insider threats.

5. Not Securing Backups 

Although backups hold the same sensitive information as storage systems, they often don’t receive the same attention — poor management is a common bad practice. Storing your copies in an unsecured location with little to no access controls practically guarantees a breach. 

You should secure your backups as well as your storage systems. Encrypt them, store them in a secure location, and restrict who can read, restore, or delete them to mitigate unauthorized physical and digital access attempts. Keep at least one copy offline or immutable so that ransomware or a malicious insider who reaches production cannot also destroy the backups; that is what turns a backup into real protection against loss and damage.

6. Failing to Secure Vendors

Third parties often don’t take data security as seriously as they should. In 2022, almost 50% of organizations experienced a cyberattack because of a vendor. If you don’t strengthen your safeguards when dealing with an external service provider, you risk a breach.

You should deploy additional safeguards if you send or store information with a third party. Encrypt what you hand over, scope the vendor's access to the specific data and operations it needs, and keep audit logs of what it actually touches. Also, you should vet your vendor's security thoroughly before using them, and revisit that assessment periodically rather than once at signing.

7. Not Monitoring Logs

If you’re like most data security professionals, you’re overwhelmed with logs. In other words, you probably don’t pay as much attention as you should — meaning you often miss critical alerts or overlook suspicious activity, making a successful breach more likely. 

If you can't keep up with logs, stop reading them raw. Centralize them, then automate the first pass with detection rules for the handful of patterns that matter most (repeated failed logins from one source, privilege changes, bulk reads of sensitive tables) and, where it helps, with machine learning or robotic process automation tooling. Alternatively, you could re-prioritize your team's responsibilities. Either way, you should streamline the process so that a human only sees what deserves attention.
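As an added illustration of the "detection rule" idea above (this is example code written for this article, not a tool the article's author recommends), the following Go program runs one such rule over constructed sshd-style log lines: it flags any source address that produces at least N failed logins inside a sliding time window, and records whether a successful login from that source followed the failures, which is the case worth paging someone for. The log lines, the field layout, and the threshold are assumptions for the example; adapt the regular expression to your own log format.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// Sample authentication log lines, constructed for this example in an
// sshd-like format; they are not real captures.
var sampleLog = []string{
	"2024-04-01T10:00:01Z sshd[101]: Failed password for root from 203.0.113.5 port 50001 ssh2",
	"2024-04-01T10:00:03Z sshd[102]: Failed password for admin from 203.0.113.5 port 50002 ssh2",
	"2024-04-01T10:00:04Z sshd[103]: Failed password for invalid user test from 203.0.113.5 port 50003 ssh2",
	"2024-04-01T10:00:06Z sshd[104]: Failed password for deploy from 203.0.113.5 port 50004 ssh2",
	"2024-04-01T10:00:07Z sshd[105]: Failed password for deploy from 203.0.113.5 port 50005 ssh2",
	"2024-04-01T10:00:09Z sshd[106]: Failed password for deploy from 203.0.113.5 port 50006 ssh2",
	"2024-04-01T10:00:12Z sshd[107]: Accepted password for deploy from 203.0.113.5 port 50007 ssh2",
	"2024-04-01T10:05:00Z sshd[108]: Failed password for alice from 198.51.100.7 port 41000 ssh2",
	"2024-04-01T10:30:00Z sshd[109]: Failed password for alice from 198.51.100.7 port 41001 ssh2",
	"2024-04-01T10:31:00Z sshd[110]: Accepted publickey for alice from 198.51.100.7 port 41002 ssh2",
	"2024-04-01T10:40:00Z sshd[111]: Connection closed by 192.0.2.9 port 22000 [preauth]",
}

// authLine matches the assumed log layout: timestamp, outcome, user, source.
var authLine = regexp.MustCompile(`^(\S+) sshd\[\d+\]: (Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+) port \d+`)

type authEvent struct {
	at      time.Time
	success bool
	user    string
	source  string
}

// parseAuthLine returns false for lines that are not login outcomes.
func parseAuthLine(line string) (authEvent, bool) {
	m := authLine.FindStringSubmatch(line)
	if m == nil {
		return authEvent{}, false
	}
	t, err := time.Parse(time.RFC3339, m[1])
	if err != nil {
		return authEvent{}, false
	}
	return authEvent{at: t, success: m[2] == "Accepted", user: m[3], source: m[4]}, true
}

type Alert struct {
	Source    string
	Failures  int  // most failures seen from Source inside any single window
	Succeeded bool // a login from Source succeeded after the failures began
}

// DetectBruteForce flags sources that produced at least threshold failed
// logins within any sliding window of the given length.
func DetectBruteForce(lines []string, threshold int, window time.Duration) []Alert {
	failures := map[string][]time.Time{}
	successes := map[string][]time.Time{}
	for _, line := range lines {
		ev, ok := parseAuthLine(line)
		if !ok {
			continue // unrelated line (e.g. connection closed); ignore it
		}
		if ev.success {
			successes[ev.source] = append(successes[ev.source], ev.at)
		} else {
			failures[ev.source] = append(failures[ev.source], ev.at)
		}
	}

	var alerts []Alert
	for src, times := range failures {
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		// Two-pointer sweep: longest run of failures that fits in one window.
		peak, start := 0, 0
		for end := range times {
			for times[end].Sub(times[start]) > window {
				start++
			}
			if n := end - start + 1; n > peak {
				peak = n
			}
		}
		if peak < threshold {
			continue
		}
		succeeded := false
		for _, s := range successes[src] {
			if !s.Before(times[0]) {
				succeeded = true
				break
			}
		}
		alerts = append(alerts, Alert{Source: src, Failures: peak, Succeeded: succeeded})
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Source < alerts[j].Source })
	return alerts
}

func main() {
	for _, a := range DetectBruteForce(sampleLog, 5, time.Minute) {
		fmt.Printf("ALERT source=%s failures=%d succeeded_after=%v\n", a.Source, a.Failures, a.Succeeded)
	}
}
```

On the sample data, 203.0.113.5 is flagged (six failures in eight seconds, then a successful login), while 198.51.100.7 is not: its two failures are 25 minutes apart, which is what the sliding window is for. Tune the threshold and window to your environment; a rule that fires on every typo is one that gets muted.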

8. Dismissing Automation Technology

Automation is not a substitute for sound security design, but you might make the mistake of dismissing it as insignificant. Realistically, you can't monitor every log, patch every vulnerability, and respond to every incident promptly. You only work eight hours daily, while threat actors work around the clock. Not leveraging automation means you forfeit protection.

Consider leveraging technology like robotic process automation or security orchestration, automation, and response (SOAR) platforms. Automating updates, network monitoring, and backups can help you stay on top of your critical responsibilities.

9. Not Addressing Insider Threats

Realistically, your own people are among the single biggest threats to data security, because human error accounts for most security incidents. In fact, humans were partly responsible for 82% of all data breaches in 2022. Insider threats are a serious concern, whether they're malicious or not.

Leveraging awareness campaigns, spam filtering, and activity monitoring should be your priority. However, damage control is essential since social engineering attacks and misclicks are practically unavoidable. 

10. Viewing Compliance as the Goal

If you’re like most people, you use data security regulations as the standard. In reality, compliance should be your first step. Only meeting the minimum security requirements required by law doesn’t necessarily protect you — it just keeps you from paying fines. 

You should view compliance as the bare minimum instead of your ultimate goal. This way, you protect yourself from fines, losses, and backlash even if one of your defenses fails. Trying to go above and beyond with security measures will pay off in the long term. 


11. Not Establishing Access Controls

You should never grant anyone complete access to your storage systems by default. At best, insider threats could easily — unintentionally or maliciously — leak sensitive data. At worst, threat actors could take advantage of unrestricted privileges and cause massive breaches.

Implementing strict access controls can help you avoid this common mistake. Deny by default and limit everyone's access to the bare essentials of what their roles require. Review the grants you have issued on a schedule, since privileges accumulate as people change roles, and log who reads or changes sensitive data so that misuse is visible.

12. Failing to Erase or Destroy Data

If you don’t discard data correctly, it could fall into the wrong hands. Since you don’t actively manage disposed-of information, recognizing a breach occurred can take weeks — even months. At the very least, you risk facing regulatory action and public backlash. 

You must have strict procedures when erasing or destroying data. Ensure you wipe hard drives, delete backups, and shred documents thoroughly before moving them off-site. Overwriting is not reliable for SSDs or cloud storage, where you do not control which physical blocks hold your data; for those, either destroy the media or use cryptographic erase (encrypt the data from the start and destroy the key). Verify and record each disposal. You should eliminate any trace of the information to ensure threat actors don't get their hands on it.
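The following Go program is an added example (written for this article, not code from the author or any product it mentions) that ties together practices 1, 5, and 12: it encrypts a backup at rest with AES-256-GCM under a fresh data key that is returned separately from the ciphertext, shows that tampering with the blob is detected, and then demonstrates cryptographic erase by destroying the key, after which every copy of the blob is unreadable. The backup contents and the nonce-first blob layout are assumptions for the example; in production the data key would be wrapped by a KMS or HSM rather than held in a variable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Backup contents constructed for this example.
var sampleBackup = []byte("customers.csv\nid,email\n1,alice@example.com\n2,bob@example.com\n")

// EncryptBackup seals plaintext with AES-256-GCM under a fresh random data
// key. The key is returned separately from the blob: the blob can live in
// cheap, widely replicated storage while the key stays in a KMS or HSM.
// Assumed blob layout: nonce || ciphertext || GCM tag.
func EncryptBackup(plaintext []byte) (key, blob []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// Seal appends ciphertext and tag after the nonce. The nonce is not
	// secret, it only has to be unique per key, so it travels with the blob.
	blob = aead.Seal(nonce, nonce, plaintext, nil)
	return key, blob, nil
}

// DecryptBackup fails on a wrong key or on any modification of the blob,
// because GCM authenticates the ciphertext before returning plaintext.
func DecryptBackup(key, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CryptoShred destroys the data key. With the key gone, every copy of the
// blob (replicas, snapshots, off-site tapes) becomes unreadable at once.
// This is the "cryptographic erase" sanitization method for media whose
// blocks cannot be reliably overwritten, such as SSDs and cloud object stores.
func CryptoShred(key []byte) {
	for i := range key {
		key[i] = 0
	}
}

func main() {
	key, blob, err := EncryptBackup(sampleBackup)
	if err != nil {
		panic(err)
	}
	fmt.Printf("encrypted %d bytes into a %d-byte blob (nonce+ciphertext+tag)\n", len(sampleBackup), len(blob))
	if _, err := DecryptBackup(key, blob); err != nil {
		panic(err)
	}
	fmt.Println("decrypt with live key: ok")
	CryptoShred(key)
	_, err = DecryptBackup(key, blob)
	fmt.Println("decrypt after crypto-shred:", err)
}
```

The design choice worth noticing is that the key and the blob never sit in the same place: if the key were stored alongside the backup, encryption would add nothing, and a crypto-shred would be meaningless because an attacker who copied the backup also copied the key. Destroying the key in a KMS is the real-world equivalent of CryptoShred, and it should be logged and verified like any other disposal.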

Knowing Your Mistakes Can Enhance Your Defenses

You can only improve your security posture if you know what mistakes you’re making. Understanding the common bad practices other professionals fall into can help you identify and address your own gaps in defense, enhancing your resilience against threats. 

Zac Amos

Zac is the Features Editor at ReHack, where he covers data science, cybersecurity, and machine learning. Follow him on Twitter or LinkedIn for more of his work.