Five Ways to Prevent Data Breaches
Do you know which of the following poses the greater risk that your organization will unintentionally give up confidential data?
- An anonymous hacker in a foreign country, snooping for network vulnerabilities.
- One of your mid-level managers who receives three phone calls while trying to write a single email.
According to a study by breach response insurance provider Beazley, you should be more worried about the distracted employee writing the email. Beazley looked at more than 1,500 data breaches that it serviced. They concluded that human error causes more breaches than do cyber criminals.
Beazley found that more than half of all data breaches resulted from employee mistakes. Employees sending emails and faxes to the wrong recipients accounted for 31% of breaches. Another 24% resulted from physical loss of paper records. Theft of data from portable devices made up 13%. Intrusions from outside a network (what many people ordinarily consider to be "hacking") were responsible for only 11% of incidents. These involved the use of malicious software that spies on or damages the victims' networks.
While this last category was only the fourth most frequent cause, Beazley noted two troublesome characteristics. First, these incidents are becoming more frequent. Second, when they occur, they are far more expensive for the victims than are the other causes. Investigating these incidents carries more than four times the cost of tracing back to email errors and misplaced paper files.
The impact of a data breach on a business can be enormous. The Ponemon Institute's 2014 Cost of Data Breach Study said that the average cost of a breach to a company was $3.5 million, a 15% increase over the previous year.
The damage goes beyond repair and restitution; data breaches can chase customers away. A study of consumers in 24 countries found that nearly one in five had been victims of data breaches. More than a third of the victims said the breaches had caused them to stop doing business with those companies. Almost half said they were warning friends and family about sharing information with them.
Below are five things organizations can do to help prevent data breaches.
- Encrypt the data on all devices, especially smart phones and tablets. Beazley found that organizations could have prevented three-quarters of all the breaches it handled in a single year by encrypting devices.
- Automate the process of updating software to fix security gaps. When a new version of a program is released, devices and servers should update automatically to address vulnerabilities without staff having to remember.
- Require users to create complex passwords, and enforce this requirement. Hackers use programs that can uncover passwords that are simple dictionary words. Passwords should have a combination of letters, numbers and special characters.
- Train employees to spot emails that are disguised attempts to get confidential information. Some emails appear to be from a trustworthy source, but they ask for user ID's, passwords, PIN's, and other information that the real source would not need.
- Review all emails before sending them. Senders should verify that the address is correct and should be certain that the contents of the message and attachments should be sent to that recipient.
The Internet is an essential tool for business, but it obviously has its risks. While no organization can be completely immune from data breaches, following these steps will greatly reduce the odds of one happening.
Cyber Liability insurance has become an essential component of a risk management program. We have strong relationships with insurance carriers that specialize in cyber liability policies, and look forward to discussing this with you. Cyber Liability insurance will give you the peace of mind so you can focus on continuing to grow your business. Please contact your account manager at Provider Group for a quote, 781-444-0347. Alternatively contact Patrick Darcey, CIC at 401-671-6355 or pdarcey@providerig.com.