Risk management: Stay informed to prevent a data breach
Cybersecurity crimes are at an all-time high across the U.S and are estimated to cost a staggering $6 trillion each year by 2021.1 Besides causing disruption, these crimes can result in complete business loss. To fully address these crimes, we must first recognize how data breaches can differ from other cybersecurity attacks.
A data breach involves the exposure of names, social security numbers, driver’s license numbers, medical records and financial records that put individuals at risk. You can help to prevent these data breaches from happening by first understanding the risks.
Types of data breaches
While some are more popular than others, each type of data breach presents a serious threat to your company. IdentyForce compiled a list of the top offenders and the businesses that fell prey to attack.2
- Employee error: Errors made within the company can cause data breaches by word of mouth, faulty equipment or general violation. Saks Fifth Avenue fell victim when their website displayed customer information for the world to view. This error could have been made by an IT team member or another employee by mistake.
- Accidental exposure: In the case of University of Oklahoma, educational records dating back to 2002 were accidentally exposed due to incorrect privacy settings on their document sharing system, Delve. This accident caused 29,000 instances of private information made public.
- Physical theft: Although it’s not as popular as other types of breaches, theft is still a possibility within businesses today. Washington State University fell victim to theft when a criminal broke into its campus and stole a hard drive that held the records of one million people. It was stolen from a safe that was fully protected, breaching a huge amount of personal demographics and research.
- Third party. Businesses that use third parties for their data can fall prey to these types of breaches, whether by accidental or on purpose. Bronx Lebanon Hospital Center was left with thousands of exposed medical records when their third-party backup server was misconfigured.
Policies to know
We’ve all read a risk management policy after accepting a new position, and while these may seem superfluous at first glance, they’re actually crucial to preventing data breaches. These policies include:
- Risk management: Used to identify, analyze and assess risks. As technology changes and your business grows, your risk management policy will evolve.
- Classifying assets: Offers a road map to classify your assets to ensure that you have the best level of protection.
- Information systems security: Outlines which security controls should be used for various information systems. This policy is typically required by all organizations and should include physical security, encryption, network security and access management.
- Information systems assessment: Ensures that new systems have proper security and that the members of your business know the standards. This policy links all the other policies together into one defined security plan.
How to fight back
Now that you’re aware of the various types of breaches and the policies in place, you can enhance your security by taking specific measures within your business.
- Encrypted storage: Most companies that are breached have failed to encrypt their storage. You should always encrypt the data you store and use multistep authentication to protect that data. While you may save a bit of time by skimping on this, it will cost you in the long term.
- Real-time security monitoring: Build or outsource a team to a security center to constantly keep an eye on your data. By detecting data breaches early, you can stop them in their tracks, before the data is stolen or leaked.
- Intrusion detection: Set up intrusion detection to run constantly to find intrusive devices that enter your system successfully. This type of prevention can save your business from a breach that you could have seen coming.
- Employee training: Your employees are your best defense against attacks. Ensure they understand security standards, policies and how to use the software. Conduct ongoing training to keep employees abreast of the risk management side of your business.
Data breaches can completely change your business. To stay ahead of threats, you need to understand the types of breaches you could face, how to combat them and which policies you should have in place to fight back. Your business is worth the effort.