I shouldn’t have to tell you that data breaches are bad, but you might not know just how bad they really can be. It’s hard to project the cost of a data breach since “data breach” is a generic term that can refer to a wide range of different incidents. But according to a 2020 report from IBM and the Ponemon Institute, the average cost of a data breach worldwide is $3.86 million, and in the U.S., that cost is $8.64 million.
After a data breach occurs, you can mitigate the damage by acting quickly, containing the breach and beginning the recovery process. But the aforementioned report also found the average time it takes to notice and contain a breach is 280 days, and by that point, much of the damage is already done.
Understanding Data Breaches
A “data breach” sounds scary, but it’s a vague term (and a bit of a buzzword). Not everyone who talks about data breaches, or fears them, really understands how they work. Your first job, therefore, is understanding more about data breaches.
In case you aren’t familiar, a data breach is the movement of secure or private information into an untrusted environment. It could be intentional or unintentional. It could be a for-profit hacker or an employee doing the leaking. It could be the release of hospital records, credit card information or just some internal company emails.
Because data breaches take many different forms and can happen in a multitude of ways, you need to be on your guard — and employ a variety of different strategies to protect yourself. As the CEO of a custom software development firm, I recommend the following:
1. Restrict access.
Each person who has access or potential access to data is another vulnerability. If there are 1,000 people logging into a system that has personal information, there are 1,000 vulnerabilities; any person in that group could be the faulty link in the chain. If only 10 people have access to that information, you’re reducing those vulnerabilities by 99%.
There are many ways to limit access to data. For example, you can avoid storing certain types of data (like credit card numbers) entirely, and you can set up different user roles with different levels of access for your internal systems.
2. Improve general security.
Improving your general security is an important step as well. This is a huge and multifaceted topic, so it’s impossible to be comprehensive here, but using techniques like better architecture, firewalls, VPNs, traffic monitoring and restriction, and even routine updates can make a big difference. While you’re at it, make sure you evaluate your third parties carefully; even a cursory connection to an unsecured organization can be a threat to your business.
3. Train your employees.
Would you believe that most data breaches aren’t the result of some dedicated hacker brute-forcing their way past your best defenses? Instead, about 88% of breaches are attributable to human error, and those errors are often made by employees. All it takes is a single successful phishing email or social engineering ploy to gain access to your entire system.
Accordingly, you need to train your employees on best practices for data security — and train them well. That means:
• Teaching employees to follow best practices: Simple best practices can be a powerful defense against data breaches. Training your employees to use strong passwords and never give them out to anyone is easy, but it’s a step too many companies neglect.
• Establishing protocols and hierarchies: Similarly, it’s important to establish protocols and hierarchies for security. What steps need to be taken by each individual working for you? Who’s responsible for whom?
• Educating employees on common threats: It’s also valuable to educate employees on common cybersecurity threats that could lead to a breach and how to avoid them.
4. Audit and reevaluate.
There isn’t a top-to-bottom data security strategy you can employ that will protect you against all threats forever. That’s because everything is constantly changing. You’re hiring new people; your organization is growing; you’re handling new and different types of data; you’re using new systems. Old best practices are becoming obsolete. And most importantly, motivated hackers and cybercriminals are discovering new techniques and approaches to take advantage of vulnerable systems.
If you want to keep preventing a data breach, you’ll need to continually audit and reevaluate your efforts. Are there new security practices you need to be following? Have your employees drifted from following protocols? Audit your processes regularly.
Data breaches can be expensive and time-consuming, and they can leave a permanent mark on your reputation as a company. But I believe the vast majority of data breaches are preventable. If you work proactively and train your team well, you have your best chance of avoiding most data breaches — and you set yourself up for a better defense if you experience one.
Document Destruction can help! For only $23.95 per month, your company will have full access to CSR’s certified information privacy professionals (CIPPs) in the event of a breach resulting in an actual or suspected loss of data.
And because a data breach of any size can be scary, we are happy to let you know that these certified and trained advisors are standing by 24 x 7 to respond to you. Based on the information you provide, this service analyzes your security event against a complex multivariate analytical tree and fully reports, as required, to all federal, state and local authorities as well as many foreign regulatory authorities in the EU, Canada, Australia and beyond. This service will provide written analysis of all events, whether reported or not.
In addition, Document Destruction’s Readiness Pro powered by CSR Privacy Solutions also includes a data privacy self-assessment tool that will help you get your current data privacy policies & procedures up to date, a list of best practices for your company to implement, and an online library of resources created to help you avoid a data breach.
Document Destruction, Cincinnati, Dayton, Lexington KY is ready to partner with you to help you and your business achieve optimal organization.