The statistics about data breaches continue to be staggering, according to the Ponemon Institute – and they’re only getting worse (sorry to be the bearer of bad news). Did you know that:
- 17% of senior executives don’t know if their organization has even suffered a data breach in the last 12 months?
- 59% of data breaches in the last year were caused by employee negligence?
- It takes one full year to restore a company’s reputation after a data breach?
- The average cost of each compromised record in a data breach is $217?
According to Verizon’s 2017 Data Breach Investigations Report, the biggest cause of a data breach involves hacking (followed closely by malware). Here are the most common types of data breaches:
- Unauthorized network access: An attacker gets in through a weak point such as an outdated server, equipment with little or no security, an inadequately protected WiFi connection, equipment that still uses its factory default passwords, or a system or application with known security issues that haven't been patched.
- Social engineering: Attacks that may not seem like “attacks” at all (attackers send employees an email that encourages them to take an action that results in downloading malware or a Trojan app, for example).
- Lost/stolen devices: Attacks that involve unencrypted laptops, USB drives, or hard drives being taken (or being left somewhere for someone to take). From this hardware, an attacker can search for sensitive data. This type of data breach can also involve documents that are sent to the wrong person or organization.
These tips, provided to us by OneBeacon Technology Insurance, an NSCA business accelerator, will help you avoid common mistakes that often lead to data breaches.
1. Train Your People
Make sure that everyone in your organization knows why cybersecurity is important – and what a data breach could do to business (and even to employees’ personal lives, if certain data is compromised). Train employees on what to look for in social engineering attacks, how to establish strong passwords, and how to report anything that looks like a potential attack.
2. Develop Appropriate Policies
Follow the ISO 17799 international standard for information security management practices (ISO/IEC 17799 has since been renumbered as ISO/IEC 27002; the guidance is the same). It details recommended methods for reporting information security events and weaknesses; managing information security incidents, improvements, responsibilities, and procedures; capturing lessons learned; and collecting evidence after a data breach.
3. Use Available Technology
There are many solutions available to help businesses prevent data breaches. You can start by:
- Restricting access to sensitive parts of the network (segmentation plus access controls, so a compromised workstation cannot reach everything)
- Using antivirus and intrusion detection software
- Keeping all software updated
- Encrypting devices
- Developing BYOD policies and procedures to ensure security
- Implementing a device inventory, tracking, and monitoring process
- Requiring two-factor authentication, at least for remote and administrative access (merely supporting it does little if users can opt out)
- Regularly backing up your data in a secure location
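The controls in the list above are only useful if you can tell which assets actually meet them, which is what the device inventory and monitoring process is for. The following is an added example, not code from the original article or from OneBeacon/NSCA: a small audit that runs over a constructed inventory and flags every device that violates one of the controls listed (default credentials, unencrypted storage, remote access without two-factor authentication, stale patches, a silent antivirus agent, missing backups, unenrolled personal devices). The record field names, policy thresholds, and sample devices are assumptions chosen for illustration; a real inventory would be populated from your asset-management or endpoint tooling.

```python
"""Audit a device inventory against the controls listed in the article.

Added example, not the article's or OneBeacon's own code. Field names,
thresholds and the sample inventory below are constructed assumptions.
"""
from datetime import date

# Assumed policy thresholds (days).
MAX_PATCH_AGE_DAYS = 30       # "keeping all software updated"
MAX_AGENT_SILENCE_DAYS = 3    # antivirus / intrusion detection agent check-in
MAX_BACKUP_AGE_DAYS = 7       # "regularly backing up your data"


def audit_device(device, today):
    """Return a list of (severity, finding) tuples for one inventory record."""
    findings = []

    def age_days(field):
        # Days since the recorded date, or None if the field was never recorded.
        value = device.get(field)
        return None if value is None else (today - value).days

    if not device.get("default_credentials_changed", False):
        findings.append(("high", "factory default credentials still in use"))
    if not device.get("disk_encrypted", False):
        findings.append(("high", "storage is not encrypted"))
    if device.get("remote_access") and not device.get("mfa_enforced", False):
        findings.append(("high", "remote access without two-factor authentication"))

    patch_age = age_days("last_patched")
    if patch_age is None:
        findings.append(("high", "no patch record"))
    elif patch_age > MAX_PATCH_AGE_DAYS:
        findings.append(("medium", f"patches {patch_age} days old"))

    agent_age = age_days("av_agent_last_checkin")
    if agent_age is None or agent_age > MAX_AGENT_SILENCE_DAYS:
        findings.append(("medium", "antivirus/IDS agent not reporting"))

    backup_age = age_days("last_backup")
    if device.get("holds_data") and (backup_age is None or backup_age > MAX_BACKUP_AGE_DAYS):
        findings.append(("medium", "no recent backup"))

    if device.get("owner") == "personal" and not device.get("byod_enrolled", False):
        findings.append(("medium", "personal device not enrolled under the BYOD policy"))
    return findings


def audit_inventory(inventory, today):
    """Map each asset_id to its findings (empty list means compliant)."""
    return {d["asset_id"]: audit_device(d, today) for d in inventory}


def summarize(report):
    """Count findings by severity across the whole inventory."""
    counts = {"high": 0, "medium": 0}
    for findings in report.values():
        for severity, _ in findings:
            counts[severity] += 1
    return counts


# Constructed sample inventory: a managed laptop, an unmanaged IP camera,
# and an employee's personal phone. Dates are fictional.
SAMPLE_INVENTORY = [
    {"asset_id": "LAP-001", "owner": "corporate", "disk_encrypted": True,
     "default_credentials_changed": True, "remote_access": True, "mfa_enforced": True,
     "last_patched": date(2017, 8, 20), "av_agent_last_checkin": date(2017, 8, 31),
     "holds_data": True, "last_backup": date(2017, 8, 30)},
    {"asset_id": "CAM-007", "owner": "corporate", "disk_encrypted": False,
     "default_credentials_changed": False, "remote_access": True, "mfa_enforced": False,
     "last_patched": None, "av_agent_last_checkin": None, "holds_data": False},
    {"asset_id": "PHN-042", "owner": "personal", "byod_enrolled": False,
     "disk_encrypted": True, "default_credentials_changed": True, "remote_access": False,
     "last_patched": date(2017, 7, 1), "av_agent_last_checkin": date(2017, 8, 20),
     "holds_data": True, "last_backup": date(2017, 8, 1)},
]
AUDIT_DATE = date(2017, 9, 1)

if __name__ == "__main__":
    report = audit_inventory(SAMPLE_INVENTORY, AUDIT_DATE)
    for asset_id, findings in report.items():
        print(asset_id, "OK" if not findings else "")
        for severity, text in findings:
            print(f"  [{severity}] {text}")
    print("totals:", summarize(report))
```

With the sample data the laptop passes cleanly, the camera collects four high-severity findings (it is exactly the "equipment with little or no security" case from the breach-cause list), and the personal phone shows the softer BYOD, patching and backup gaps. Feeding the report into a ticketing or monitoring system is what turns the inventory into the tracking process the list calls for.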
4. Invest in Insurance
There is technology insurance available that can protect you – and your clients – in the event of a data breach. The cybersecurity framework analysis typically used by technology insurance underwriters involves:
- The insured’s understanding of exposure
- The safeguards put in place to protect against a data breach
- The company’s ability to detect a data breach
- Appropriate response plans in place to react to a data breach
- The ability to restore services and data after a breach
To learn more about data breach causes, HIPAA regulatory guidance, information risk management, and data breach response plans, view this archived webinar presented by OneBeacon Technology Insurance: More than Just Cyber Liability.
If you have questions about technology insurance, contact us!
Image by: lekkyjustdoit