5 Things Your Business can do to Prevent Data Breaches
Which of the following poses the greater risk that your organization will unintentionally give up confidential data?
- An anonymous hacker in a foreign country, snooping for network vulnerabilities.
- One of your mid-level managers who receives three phone calls while trying to write a single email.
According to a recent study by breach response insurance provider Beazley, you should be more worried about the distracted guy writing the email. Beazley looked at more than 1,500 data breaches that it serviced from the beginning of 2013 through August 2014. They concluded that human error causes more breaches than do cyber criminals.
Beazley found that more than half of all data breaches resulted from employee mistakes. Employees sending emails and faxes to the wrong recipients accounted for 31 percent of breaches. Another 24 percent resulted from physical loss of paper records. Theft of data from portable devices made up 13 percent. Intrusions from outside a network (what many people ordinarily consider to be "hacking") were responsible for only 11 percent of incidents. These involved the use of malicious software that spies on or damages the victims' networks.
While this last category was only the fourth most frequent cause, Beazley noted two troublesome characteristics. First, these incidents are becoming more frequent, growing by 20 percent from 2013 to 2014. Second, when they occur, they are far more expensive for the victims than are the other causes. Investigating these incidents carries more than four times the cost of tracing back to email errors and misplaced paper files.
The impact of a data breach on a business can be enormous. The Ponemon Institute's 2014Cost of Data Breach Studysaid that the average cost of a breach to a company was $3.5 million, a 15 percent increase over the previous year.
The damage goes beyond repair and restitution; data breaches can chase customers away. A 2013 study of consumers in 24 countries found that nearly one in five had been victims of data breaches. More than a third of the victims said the breaches had caused them to stop doing business with those companies. Almost half said they were warning friends and family about sharing information with them.
Beazley recommends five things organizations can do to prevent data breaches.
- Encrypt the data on all devices, especially smart phones and tablets. Beazley found that organizations could have prevented three-quarters of all the breaches it handled in 2013 by encrypting devices.
- Automate the process of updating software to fix security gaps. When a new version of a program is released, devices and servers should update automatically to address vulnerabilities without staff having to remember.
- Require users to create complex passwords, and enforce this requirement. Hackers use programs that can uncover passwords that are simple dictionary words. Passwords should have a combination of letters, numbers and special characters.
- Train employees to spot emails that are disguised attempts to get confidential information. Some emails appear to be from a trustworthy source, but they ask for user ID's, passwords, PIN's, and other information that the real source would not need.
- Review all emails before sending them. Senders should verify that the address is correct and should be certain that the contents of the message and attachments should be sent to that recipient.
The Internet is an essential tool for modern business, but it has its risks. While no organization can be completely immune from data breaches, following these steps will greatly reduce the odds of one happening. They are some of the best things you can do to protect your customers and your business.