Data security is a priority for IT professionals in the business world. For others? Not so much. A study by the Ponemon Institute reported that only about 38 percent of non-IT employees with access to company devices viewed data security as a high priority. But after 2017 showed us that data breaches can do a lot of damage to a company, can you afford to let it slide?
What is a data breach?
Simply put, a data security breach is a confirmed incident in which private, sensitive, confidential, or other protected data is accessed or released in an unauthorized way. For example, you’ll probably recall a number of high-profile security breaches that occurred in 2017, such as those at Equifax and Yahoo.
Despite widely-held perceptions, largely due to pop culture, many data breaches are not a result of hacking — at least, not by the stereotypical cyber criminal tapping furiously at his keyboard. In fact, some of the most notorious data breaches happened because an authorized user took an unauthorized action. Target’s 2014 breach, for instance, occurred because of a successful phishing attempt on a third-party vendor, giving the attackers the login information to Target’s systems. Because at least one employee opened a fraudulent email, the payment and contact information of over 70 million Target customers was compromised.
If it sounds scary, that’s because it is. IBM’s 2017 Cost of Data Breach Study reported that in 2017, the average cost of a data breach for a company was $3.62 million, and 1 out of every 4 companies experienced some form of breach. The cost includes lost customers and investors, paying for an incident response team, recovering lost data if possible, legal fees, and more. Loss of trust is harder to quantify, and it could make it more difficult for companies to get back on track towards revenue goals.
So where are you with business security solutions?
Firewalls are a good start, but…
Digital attacks and data breaches have changed a lot over the past decade, which means putting up a firewall around your network just isn’t enough protection any more. With sophisticated machine learning and virtual intelligences being developed (think IBM’s Watson, with less personality), cybercrime and cybersecurity have entered something of an arms race, where constant monitoring and anticipation of threats is vital, and reactive measures are too little, too late.
Ransomware has taken many businesses by surprise, holding digital devices hostage in exchange for money, though last year saw a new development in which the devices were wiped rather than restored. Like the phishing email behind Target’s breach, these types of malware are introduced to networks through innocuous channels such as email or website downloads rather than through an organized attack on your firewall.
What can you do?
Start by taking stock of the security solutions you already have in place. Talk to your IT staff about what they’re doing to ensure your company’s data is secure; if they’re not sure, now’s the time to start learning. Take a few simple but effective actions, such as putting in place a password policy, using two-factor authentication whenever possible, and securing your wireless network so that only employees can access it.
Then, take every opportunity you can to learn more about data security, and what it could mean for your business. Technology is always changing, so we need to be able to keep up.