Are You Ready For A Data Breach?
They’re More Common Than You Think
We live in an age where your doorbell records you, your phone knows how much time you spend in each app, and with a few clicks or taps you can have your groceries waiting for you curbside at the grocery store. In many ways the streamlining of data has eliminated friction points in our day to day lives and saves us time and mental anguish. However, with our data circulating online at an egregious rate, this creates vulnerabilities for breaches and leaks of our information that can have long term consequences. According to the 2019 Cost of Data Breach Report from Ponemon Institute and IBM Security, close to 1 in 3 companies will experience a data breach throughout the calendar year. With so much more information, analytics and data circulation, and it demands, now more than ever we need to be aware of the risks presented with data breaches as well as just how costly they can be.
Following the statistics from the 2019 Cost of Data Breach Report, the average cost of a data breach for companies with more than 25,000 employees was a staggering $5.11 million or $204 per employee. Even more alarming, the cost of a data breach for smaller companies with between 500 and 1,000 employees, the average cost of a data breach was $2.65 million or $3,533 per employee. This means that smaller companies are affected at a much higher rate by costs incurred from data breaches. These costs can be anything from fines and fees levied by governing bodies due to the breaches, actual loss sustained, and customer churn due to a loss of trust.
Customer churn as a result of a data breach has been shown to be 4% on the high end and 1% on the low end specifically attributed to customer churn as a direct result of knowledge of a breach occurring. While it is difficult to quantify, it only follows that breaches create mistrust with the public and not only negatively affect current client retention rates but also create more hurdles for new customer acquisition. If these statistics come with a cause for concern, good. This should be a wake up to take data privacy seriously as it is often overlooked and can be detrimental to a business's bottom line. But before you start forking over thousands of dollars for a full fledged Fort Knox style online security solution, let's outline some basics you can implement right now at now cost to you to ensure you’re taking advantage of 5 simple ways you can bolster your online security.
This should go without saying, but the less data to interact with by default the less exposed your business will be to a data breach. The principle of least privilege is a common data security practice that essentially states that users within your organization should only be able to access the data that is needed to perform the basic functions of their role. In some cases, employees are given unfettered access to internal data which can result in major data breaches if the login credentials fall into the wrong hands. In addition, administrator accounts should be used sparingly as these types of accounts are often targets of external attacks from hackers attempting to gain access to your sensitive data.
Another good rule of thumb is if the information doesn’t have an immediate impact on current or future business it’s to destroy it and purge it from your database. No need to hold onto unnecessary information for safe keeping. If you are really worried about needing that data backlog in the future you can always download from the server and put that information on an external storage device and store it in a secure location if you are worried about losing information, but that in itself comes with risks in and of itself.
Lesson #2 in Data Security 101: strong passwords. Many of us fall into the rut of utilizing variations of the same password over and over again, and while this is convenient for memory recall it can be detrimental for your business. With the variety of encrypted passwords and auto-generated passwords today this is a very easy first step to eliminate unwanted access. While it may seem a bit elementary, we like to think of strong passwords as a good first step toward preventing data breaches. Think of it sort of like liking your doors at night. Sure, it’s pretty simple and obvious, but I think we’ve all come home from a long weekend only to find we’ve left the door unlocked. Nine out of ten times everything is fine, but it just takes one weak password to completely expose an entire infrastructure at times.
Ample Data Encryption
Following strong passwords, ample data encryption is another easy way to add another level of protection on the data in transit as well as stored throughout the scope of your business. This manifests itself in many different ways such as VPNs and other encrypted forms of data transmission. These encryption services create another degree of security even in the event of unwanted exposure as it leaves the data unrecognizable to prying eyes. Encryption is both affordable and comprehensive in deterring hackers in even attempting to access your data. Encryption gives your organization both peace of mind as well as a bit more breathing room in terms of data transit in general and allows for higher levels of data usage while mitigating risk in general.
Comprehensive Employee Training
Knowledge is power and in many ways in data security. To use another platitude, organizations are only as strong as their weakest link. Because of this, it is imperative that organizations provide ample training resources to their employees to ensure that best practices are being maintained throughout their course of operations. Oftentimes, these training sessions are required by compliance regulations on a regular basis anyways (HIPAA Training), so be sure to stay up to date on specific regulations that affect your course of work. Implementing personalized and timely employee training creates competency levels in areas that drastically improve data security and overall mitigates the risk of data breaches due to human error.
Create a Breach Response Team
Unfortunately, you may take advantage of all of these steps to bolster your data security and still fall victim to breach. They say your best offense is a great defense, and we like to think the same about data breach prevention. Putting a comprehensive team in place will reduce the scale of the loss once a data breach occurs.
What To Do Once a Breach Has Happened?
However, at the end of the day, no prevention plan is foolproof. Whether it be human error or a malicious cyberattack, it is important to keep realistic expectations lest we leave ourselves blindsided when a breach occurs. Because of this, let’s look at three key ways to respond in the event of a data breach.
Communication is Key
Communicating with the necessary internal teams is crucial is executing the data breach response plans you have put in place. In addition to communicating with your breach response team, it is also important to communicate the breach to those affected by the breach in a timely manner. Breaches can go unnoticed for extended periods of time, sometimes months or even years. Giving those affected prompt notice is often required by law and also allows them to begin to respond to the breach themselves.
Identify the Source
Like a hole in a bucket of water, the breach needs to be cut off at its source. Immediately after communicating with the response team, goal #1 needs to be cutting off access to the data breach. Whether this means a full system lockdown or running a series of diagnostic tests to identify the source of the breach and eliminate it as soon as possible. As mentioned earlier, breaches can cost millions of dollars and the sooner you can stop the bleed of information the sooner you can start to rebuild your data security.
Online Information Audit
Another important step in breach responses is eliminating false information online as well as the leaked data. Scouring the internet for sensationalized reporting on the breach or even the data itself is a necessary step in damage control to ensure that you are protecting the data as well as your brand’s reputation. This is why prompt, clear communication can eliminate space for speculation or interpretation. Set the facts straight and weed out the ones that are inaccurate.
Overall, a data breach is a harsh reality of the digital age we live in. With every intuitive feature of a product or service, our data is being utilized in more ways than we often recognize. Legislation can only go so far to encourage responsible data privacy and security practices. Ultimately, it is up to individuals organizations to take data security seriously and ensure readiness in the event of a data breach.