Safety of Online Information is Imperative for Organizations

You may be in Government, the private sector or a Non-Governmental Organization, but one thing is common: you are most certainly aware of how Data is changing the face of the world. Data is helping to cure diseases, boost a company’s revenue, or make a building more efficient.

Data is simply another word for information. But in computing and business, Data refers to information that is machine-readable as opposed to human-readable. In this article, Data refers to the raw facts and statistics, and information is data that is accurate and timely, specific and organized for a purpose, presented within a context that gives it meaning and relevance, and can lead to an increase in understanding and a decrease in uncertainty.
Information helps in making informed decisions by presenting data in a way that can be interpreted by management. Customer information, for example, would be useful in providing metrics surrounding client engagement to determine better ways to engage or work with your clients.

However, it must be stated that the value of information lies not only in the information itself, but in the actions that are triggered by or arise from that information.

Importance of Data

Information can alert an organization to poor customer satisfaction, which could be derived from customer satisfaction surveys. It is only useful if such information creates a change in the way the organization in question deals with customers. In other words, the information process should form part of a wider review process within the organization to gain the best outcomes.
This calls for the protection of such data, for it will continue to inform the organization about its performance and serve as the benchmark for decision making. Different institutions invest differently in Data protection.

In this write-up, I share the threats that data faces and that warrant such protection. Ever heard of WannaCry? This is the name for a prolific hacking attack known as ‘ransomware’, which holds a computer hostage until one pays a ransom.
Globally, there are cyber-attacks which eat the web, hitting Personal Computers (PCs) in different countries, governments and businesses.

Once it infects a computer, it encrypts -- basically scrambles -- all the data. Then the program puts up a screen demanding that one pays money to get access. The price increases over time until the end of a countdown, when the files are destroyed.
WannaCry spread rapidly across a number of computer networks in May last year. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, and then demands a ransom payment in bitcoin in order to decrypt them.

A number of factors made the initial spread of WannaCry particularly noteworthy. First, it struck a number of important and high-profile systems, including many in Britain's National Health Service. Secondly, it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency. Thirdly, it was tentatively linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organization.

How it works?

What about Petya, ever heard of it? This is the second major global ransomware attack in the recent past. When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files.

If victims do not have a recent back-up of the files they must either pay the ransom or face losing all of their files.
The malicious software spreads rapidly across an organization once a computer is infected, using the EternalBlue vulnerability in Microsoft Windows or two Windows administrative tools. The malware tries one option and, if it does not work, tries another. WannaCry ransomware, which struck in May 2017, and the highly destructive Petya variant, which struck in June 2017, have some similarities as well as several differences. The recent Petya variant was not ransomware, but instead a wiper disguised as ransomware. Unlike ransomware, wiper malware is designed to destroy systems and data. The attacker offers no option for recovery.

Cybercrime and hacking

Cybercriminals and hackers get most of the attention. But private information is equally at risk when trusted organizations carelessly mishandle sensitive data, jeopardizing reputations and confidentiality.
Consider this: The Kenya School of Government Human Resource Department inadvertently circulated confidential individual information to its mailing list; luckily, it was just within. In the UK, it became public knowledge that a Special Air Service (SAS) trooper’s secret evidence, given ‘in camera’ to the Australian Senate inquiry examining the military’s use of resistance to interrogation training, was mistakenly sent to the very organization he was criticizing.

A transcript of the soldier's evidence, which disclosed the identity of a senior intelligence official and revealed highly controversial training methods, was mistakenly distributed to every witness who appeared before the inquiry, including military and civilian personnel. The secretariat for the Senate standing committee apologized, saying it was an administrative error and that they are ‘dealing with the individual concerned’.

This would be hardly helpful. A few weeks earlier, home-schooling families in Victoria were distressed to find that details had been posted about their children pulled out of school because they were bullied, had mental health issues or received inadequate support for disabilities. The blunder occurred when hundreds of submissions to the Victorian Education Department were uploaded to the department's website without personal information being redacted.
When the National Australia Bank mistakenly sent information including names, addresses and account details of about 60,000 migrant banking customers to a wrong email account, the bank blamed human error and said 40 per cent of these customers had closed or had not used their accounts that year, and just under a third had balances of less than $2. That might have provided some reassurance, but the central issue is not the detail but how and why such human errors keep happening and what is being done to prevent them. It is such failures, which are all too common and, needless to say, not confined to government agencies, that hackers exploit to access individual information for which they then demand ransom.

However, genuine online errors sometimes occur, and they can be very damaging to security and reputation.

Why protect Data

One of the most important reasons to protect data is fear of financial loss. Data is an important asset to organizations, as loss of information can lead to direct and indirect losses. Direct losses encompass financial losses such as sales, fines, or monetary judgments, while indirect losses include reduced confidence among customers, who will then prefer competitors.

Worse yet, stolen or altered data can result in financial effects that are not known to the company until much later. Regulations also push for data protection. Laws regarding electronic communications are continuously being imposed by governments with dire consequences for failing to comply. These regulations in most cases define what information must be retained, for how long, and under what conditions. Loss of critical communications by organizations can be interpreted as a violation of regulations and may subject an organization to fines and legal action against leaders.

By: Joseph Ndungu
Director e-Learning and Development Institute

Public Service Knowledge Hub
