By: Jamie Neilon
According to a recent study, 5,183 breaches occurred during the first nine months of 2019. These breaches exposed 7.9 billion records. That is a 33.3% increase in the number of breaches and a 112% increase in the number of records. An IBM report found the average cost of a data breach in the U.S. grew 130% from $3.54 million in 2006 to $8.19 million in 2019.
Cost of Data Breaches
Calculating the cost of a data breach depends on four factors:
- Detection. The longer a breach goes undetected, the more it costs.
- Notification. If personal data is compromised, authorities must be notified of the breach within 72 hours of discovery. Otherwise, no federal law exists regarding notification of a data breach.
- Containment. Costs for containing the breach varies based on the complexity and scope of the breach.
- Recovery. Costs related to recovery include customer retention and market presence as well as system and operational recovery.
When all four of these factors are used to calculate the cost, it’s no wonder the financial impact has grown. Just think what the Capital One or Equifax breaches cost those companies.
Types of Data Breaches
Monitoring agencies have started dividing breaches based upon their root cause.
- Malicious. Cybercriminals initiate more than half of all breaches.
- Employee. Although some employee breaches are the result of insider attacks, most are the result of poor password security or lax email or website policies.
- System. System design and maintenance can contribute to data breaches. Weak firewall settings, out-of-date software, or ineffective monitoring can result in data breaches.
Knowing how breaches can originate is the first step in preventing them.
Preventing Data Breaches
Most companies hear data breaches and think digital, but breaches can be physical. Paper-based information can be stolen or simply acquired because of poor information management.
Create a Plan
Creating an information management plan helps identify what information must be retained and for how long. It should identify the precise process for destroying unnecessary information. Designate the method of disposal for each information type and make sure sensitive data is removed before having a third-party destroy the media. A good practice when using a third-party to destroy media is to request a certificate of destruction upon completion as well.
Employees need to be trained on the latest scams and how company policies have changed to address these. Cyberattacks change, so don’t expect a one-time training session is enough. If employees are not trained on what to look for, they can’t participate in stopping an attack. Implement policies that force password changes and help employees create strong passwords.
Secure All Data
Physical records require security, too. Make sure you keep all confidential and private information secure. Be sure to restrict access to a minimum and run background checks. Never let third-parties, including temporary workers, have access to secured data.
Most companies require a level of data sharing to function. However, that doesn’t mean open-network access. Companies should restrict the number of access points and carefully monitor any remote access capabilities. As part of the information management plan, establish levels of access according to function. Be sure to set guidelines for internet access.
Keep all software up to date. That includes applications as well as operating systems. Firewall security and network segmentation should be deployed to minimize unauthorized network access.
Backup All Data
Countermeasures to data breaches include system backups. If a company has access to a full backup, it is much easier to contain the breach and to recover data. Backups should be maintained off-premise and off-network. This policy ensures that a cyberattack cannot disable backups as well as live systems.
Talk to a Professional
Securing data is a core business process that can cost millions if not performed correctly. If you need help in putting these four best practices into place, contact Innovative Discovery. We are ready to help protect your data.