Welcome to the security awareness training with Accountable. All the laws covered by this training require that any employee who will have regular or permanent access to personal data must undergo training to understand their responsibilities under the regulation. These training videos shouldn't take too long. But be sure to pay close attention because there will be a quiz at the end of each video.
In its most basic terms, data security is the process of protecting digital information from unauthorized access, theft, or corruption throughout its entire lifecycle. It is a concept that touches many aspects of the business, including software applications, physical hardware, storage devices, and even an organization's policies and procedures. We live in a world that relies heavily on digital information and the cloud to manage and store that information. This has transformed the way we do business and made it even more difficult to protect and secure digital information.
According to one report, the average cost of a data breach for companies with more than 25,000 employees was a staggering $5.11 million total or $204 per employee. What's more alarming is that for smaller companies with between 500 and 1,000 employees, the average cost of a data breach was found to be $2.65 million, making the average cost per employee a staggering $3,533.
These costs include fines and fees levied by regulators as a result of a breach, but the actual losses sustained can be much greater once customer churn and loss of trust are taken into account.
In addition, some studies have shown customer turnover after a data breach to increase by as much as 4%. While it is difficult to quantify, it only follows that breaches create mistrust with the public. This affects both current client retention rates and new customer acquisition. This should be a wake-up call to take data privacy seriously, as a breach can be detrimental to a business's bottom line.
While the importance of data security is often overlooked, the push for data security from consumers is at an all-time high. In recent years, many new privacy regulations have gone into effect around the world, such as Europe's General Data Protection Regulation, or GDPR, and the California Consumer Privacy Act, or CCPA, in the United States. This new legislation joins longstanding data security provisions, such as the Health Insurance Portability and Accountability Act of 1996, or HIPAA, which governs the American healthcare industry, and the Sarbanes-Oxley Act, or SOX, which protects shareholders and the public from accounting errors and financial fraud by public companies.
With many of these fines reaching into the millions, companies today have major financial incentives to ensure that they are compliant with applicable data privacy laws.
What is personal data? Data privacy laws are typically focused on securing and protecting the personal data that these businesses collect as part of their operations.
But what is personal data? The United Kingdom's GDPR defines personal data as any information that relates to an identified or identifiable natural person, meaning someone who can be directly or indirectly identified from it. This could include information such as your name; address; asset information or financial details; personal identification numbers, such as a social security number or driver's license number; personal features, like full-face images or X-rays; or information about your property, like a vehicle registration number. While it seems pretty obvious that we wouldn't want this information falling into the wrong hands, some other examples might not be as clear-cut.
Information that on its own does not identify anyone, but that can be combined with other information to identify a person, may also be regarded as personal data. This could be anything from your birthday, race, birthplace, religion, weight, location information, employment history, or educational background, to the names of your family members. Additionally, certain details about our online identities can also be considered personal data. According to the UK's GDPR, this can include identifiers such as order numbers, IP addresses, data from cookies, or location information.
For many attackers, combining this information from a variety of sources begins to produce a clear picture of you that can then be exploited. What might seem insignificant to some could lead to outright identity theft for others. You may be asking yourself why anyone would want your information in the first place.
Privacy Affairs' Dark Web Price Index 2021 shows just how much your information can be sold for online. For example, at the time of recording, a cloned American Express card with a PIN tops the payment card list at US $35 each, while typical credit card details generally sell for around US $12 to $20. If you are unfortunate enough to have your bank routing and account numbers leaked, those details typically sell for around US $65.
On the other hand, ordinary email accounts command a relatively higher price, at an average of US $156. Protected health information, or PHI, can go for hundreds of dollars and can have lasting effects on the individual involved, because unlike a payment card, a medical history cannot simply be cancelled and reissued.
To ensure that personal data is protected, it is always important to know what data is being processed, why it is being processed, and whether the organization should be collecting that data in the first place.
This concludes this section of the Accountable security awareness training. You must answer the following questions to move on to the next section.