Data breaches are becoming more common, and can be a huge cost burden for a company of any size. To help prevent a data breach from occurring at your organization, take a look at the valuable breach information and cybersecurity best practices below.
What is a data breach?
A data breach occurs when an unauthorized individual views, steals, or uses confidential and protected data like financial or personal information or even intellectual property.
Many would assume that a data breach involves highly intelligent scheming used to hack into an advanced digital network. However, while these types of breaches do occur, most breaches are far more mundane and avoidable.
- According to an IBM study, the average consolidated cost of a data breach is around $3.8 million—that’s an increase of 23% from 2013. Records or data stolen loses money, and the average amount of money lost for each record or piece of information stolen comes to $154. That’s a 6% increase from $145 in 2013.
- According to a 2014 survey of 567 U.S. executives, 43% of American companies experienced a data breach of some kind in 2013. Only 30% of executives surveyed noted that their company was efficient and effective at creating data breach contingency plans. Furthermore, according to a separate study, 31% of small business owners don’t have a data breach plan.
- Experian, a credit information company, noted that 80% of the breaches that they often handle are directly tied with employee negligence.
- In 2014, according to Identity Theft Resource Center, the total amount of reported data breaches hit 783—an increase of 28% from 2013.
- According to the Identity Theft Resource Center, hacking (such as using a password attack, like a brute force attack) is a major cause of most data breaches, standing at roughly 22%. Insider theft or accidental exposure accounts for 12% and data breaches caused by subcontractors or third party companies accounts for 11%.
How to prevent data breaches from occurring:
Keep Your Employees Educated and Informed
Take the time to educate employees about data breaches. Employees should understand what a data breach is, how they’re caused and why they should be avoided at all costs. Employees should understand how to recognize a data breach, and they should also be educated on the various methods hackers use to steal data (i.e. password attacks and/or email phishing).
For example, responding to phony email should be avoided at all costs. Using the same simple passwords or usernames for all work logins and accounts can compromise security.
Downloading suspicious files, using unauthorized personal computers or mobile devices to access a company’s network, visiting unauthorized websites, using unsecured WiFi or failing to report stolen company property (such as a laptop or a USB) can all lead to data breaches.
Employees should also be educated on the importance of practicing particular security measures, such as creating strong passwords, never sharing passwords or personal information or never remaining logged in to a work computer after hours.
Strong Security Policies
Enact strong and companywide security policies. For instance, all employees should create strong passwords that they can never share—they should also replace the passwords every month or two. Rules regarding the use of work computers or mobiles (both on and off company grounds) should be laid out clearly, and consequences for violating these rules should be established.
Invest in Current Software
Invest in the best firewalls and security software for your company’s email systems and overall networks. The company should make sure to constantly update security software to ensure that it’s up-to-date. Also, working with a specialized security professional or team is recommended.
Practice a Breach Plan
What do you do if a breach does occur? Sometimes even the best security measures can’t prevent a data breach, so a company should have a plan for if and when a breach occurs in order to mitigate losses. For example, practice having your IT or security teams “contain” a practice breach so that if and when a breach does occur, they will know how to act during an actual incident. Practicing containment efforts in advance can help to lessen the effects of a breach.