The plot thickens

What chance secure data management might have altered the outcomes of certain landmark films? Charlotte Williams, marketing & PR manager at total information management company Shredall SDS Group, offers her insights

What would have happened to the Allies, if Alan Turing had failed to crack the Enigma code in 'The Imitation Game'? And would the National Security Agency's nefarious schemes have been exposed, had it protected its sensitive data and prevented Edward Snowden from publishing its secrets through WikiLeaks?

Based on real-life stories of data infiltration, these films could have ended very differently, if more effective data protection measures had been put in place. But before you dismiss this as nothing more than a light-hearted exercise in procrastination, just think: what can we learn from the cinematic universe about secure data management practices?

We'll cover a range of films - fiction and non-fiction - over the course of this article. As well as dissecting their plots to determine how they might have been changed with proper data management, this feature will also provide practical tips on how you can avert similar data mismanagement mishaps in the future.

Admittedly, these two film series are unlikely candidates for the first item on a list of data misman-agement movie plots. As you're probably aware, the story centres on the One Ring, a mysterious artefact created by the Dark Lord Sauron that grants the wearer the power of invisibility. Bilbo steals the ring from Gollum during a fateful turn of events in 'The Hobbit: An Unexpected Journey'.

Following his adventures over the course of the next two films, Bilbo returns to the Shire with the ring still in his possession. At a later point, Gollum is captured by the minions of Sauron, revealing the name and location of the unfortunate hobbit. This sparks the chain of events that makes up the rest of the trilogy, with Sauron's forces attempting to return the ring to their master, as Frodo embarks on a journey to destroy it in the fires of Mount Doom. Had Gollum kept the ring in a secure location or protected the vital information of Bilbo's whereabouts more carefully, the rest of the series could have turned out differently.

But what can we learn from Gollum's critical act of data mismanagement? The key takeaway is this: if your business holds sensitive commercial data, then it's vital - in the immortal words of Gandalf the Grey - to "keep it secret, keep it safe".

Hard copies of files should be stored in a secure location, whether you keep them on-site or employ a third-party to look after them. Some companies even choose to store their critical legal business files in a high-security vaults with specialised access mechanisms!

Digital copies are even more susceptible to interception and should be stored using a secure data management platform. It's best to look for data storage software that requires multi-factor verification before allowing users to access files.

Based on the true story of Edward Snowden, this film follows the protagonist as he works for the NSA and finds out disreputable government agency secrets. One shady secret he discovers is that the NSA has planted malware in the computer systems of foreign governments, allowing them to be disabled in the event that these foreign nations were to oppose the US.

Eventually, Snowden, pictured, becomes disenchanted with his work at the NSA. He smuggles sensitive data out of the agency in a microSD card hidden inside a Rubix cube and releases it to the press. Had the NSA protected this information in a more secure manner, Snowden would not have been able to expose their perverse practices to the world.

Although the details of how Snowden actually managed to produce a copy of the NSA data are not known, it's somewhat astonishing that he was able to extract data from the NSA system using nothing more than a microSD card in the film.

In reality, data breaches of this kind are completely preventable with the right software. There are many programs out there that can stop users from copying data to any form of external device, unless they are given explicit authorisation. If your business holds sensitive data and isn't already using some data loss protection software, you should really look into this.

It's also worthwhile having policies in place regarding remote workers. Businesses should specify that work laptops are only to be used while connected to a secure network - using an unsecured network opens you up to data breaches that could potentially be costly. Monitoring the activity of remote workers is also advisable.

Jurassic Park is another film that could potentially be deemed an unusual choice on this list. Data security may not be the first thing that comes to mind when you think of Jurassic Park and indeed the data security element in this film is more subtle than in the other examples.

Yet one plotline involves Dennis Nedry, a computer programmer employed by the Park, using his hacking skills to disable the security systems and steal dinosaur embryos. He intends to sell these on to the highest bidder - with potentially disastrous consequences - but never makes it out of the park and is eaten by a dinosaur. All of this potential danger could have been averted, if Jurassic Park's cybersecurity system had been better protected against this kind of attack. The take-home data security message from this film is clear: even if your data doesn't pose the same threat as stolen dinosaur embryos, invest in decent cybersecurity systems or prepare to be infiltrated! Protecting your systems should start with doing the basics right - ensure that employees set secure passwords that are different for each type of software they use. Your company should also invest in sophisticated anti-malware software. If your resources allow, you could even think about hiring a hacker to test your defences and ensure your cybersecurity is up to scratch.

The Girl with the Dragon Tattoo The frequent cyber-attacks and data breaches that occur throughout this film make it one of the more obvious choices for this list. The film focuses on Mikael Blomkvist, a former journalist who was disgraced by the corrupt media mogul Hans-Erik Wennerström after failing to make libel accusations against him. Blomkvist temporarily retires from journalism and decides to help Henrik Vanger discover the murderer of his granddaughter, Harriet.

During the course of the film, Lisbeth Salander, a talented computer hacker and the eponymous 'Girl With The Dragon Tattoo', helps Blomkvist to get to the bottom of the mystery. Once the murder case has been solved, Salander uses her hacking skills to acquire sensitive information about Wennerström. This information enables Blomkvist to get revenge against Wennerström, publishing an exposé article and book to destroy his reputation. Blomkvist's magazine, Millenium, becomes popular and well respected as a result. If Wennerström had succeeded in protecting his data from Salander's cybersecurity attack, then Blomkvist might never have got his revenge.

The data protection lesson to take from 'The Girl with the Dragon Tattoo' is similar to that of Jurassic Park. While your company's computers won't contain data that's sensitive in quite the same way as Wennerström's, it's important that you put money into your cybersecurity systems and prioritise the hiring of skilled cybersecurity personnel.

Now we come to the final instalment in this list of data mismanagement films. 'The Imitation Game' is based on the true story of Alan Turing cracking the German Enigma code. As such, the data infiltration at the heart of this film has implications for 20th-century history.

If Turing had failed to crack the Enigma code with his machine, then German military messages could not have been decoded and the outcome of the war might have been different. The British would have been unable to divert supply convoys around German U-boats by cracking their naval communications, which could have had catastrophic consequences for the war effort as a whole.

Of course, your business doesn't rely on a system of encoded messages to communicate. There are, however, modern parallels. It's likely that emails and messages are sent between members of staff that contain data which would be of interest to your competitors - your business can't afford for these to be intercepted.

Particularly for high-level business discussions that refer to commercially sensitive information, it's wise to utilise a secure, encrypted messaging platform. Many of these are freely available, so there's really no excuse for a lax approach when it comes to securing your business communications.