How to Prevent a Data Breach at Your Company
If you’re reading this, then you likely already know the dangers of data breaches for companies of all sizes. In 2014, the average cost of an organizational data breach was $5.4M, with each individual compromised record costing between $191 and $201, on average. And that’s not including the immeasurable costs to company integrity, public relations, and future sales. So kudos for researching the topic.
The stakes are high with data security, but there are ways to plug security loopholes. To help prevent a data breach at your company, take the following data security tips to heart:
- Look Beyond IT
- Educate Employees
- Prepare a Business Continuity Plan
- Data Minimization
- Assess - Periodically
- Understand Your Mobile Workers…and Vice Versa
- Update, Update, Update
- Seek Professional Help
Look Beyond IT
IT departments generally do what they can to protect data, but without overarching employee policies in place that embrace security company-wide, they can only do so much. Implement the enforced password-strength protocols they recommend, notify IT of employee terminations and exits, employ on- and off-site data storage, and employ physical security protocols alongside digital ones.
Educate Employees
As noted in the first point, IT can only do so much. At the end of the day, your precious data needs to be in the hands of certain employees. Be sure to train employees who are privy to secured data on procedures for issues like lost or stolen laptops and smartphones, password protection, and other data security issues.
Prepare a Business Continuity Plan
Plugging every security loophole takes a continuous concerted effort over time, but even those efforts can gloss over microscopic security issues. To deal with this possible issue, leverage a business continuity and data recovery plan: one of the biggest expenses of a data breach is not the breach itself, but the data loss and decreased productivity during recovery. The particulars of this plan need to be organization specific—for guidance on a plan contact us for recommendations.
Data Minimization
Simply put, hackers can’t steal what isn’t there. Are you collecting personal data that you don’t truly need? If so, scrub it from your system and change your data input procedures so that you don’t store pertinent but unrequired data in the future. If you need the data but only for a short period of time, then introduce purging procedures for non-critical data.
In addition to not collecting non-critical data, reduce the number of places you store that data and the number of people you give access to it. If you have a large number of employees with access to secure data, you may want to consider granting access on an ‘as-needed’ basis.
Assess - Periodically
Your network may have been practically bulletproof a year ago, but security fades over time. New attacks become commonplace and old security protocols become obsolete. A periodic assessment of your (data) security is the only way to ensure that your security front isn’t decaying into obsolescence.
Understand Your Mobile Workers…and Vice Versa
Mobile workforces require different data security than in-house workers. Be especially attuned to that. But, in addition to understanding how your mobile workers operate, make sure they understand how you operate. Thoroughly inform your mobile workers about your data security standards, and then train them accordingly.
If your data isn’t encrypted, first and foremost make sure that it is. Also ensure that encryption is layered into your broader security strategy, as encryption alone isn’t always enough.
Update, Update, Update
While updates and patches can be the bane of the IT department’s existence, failure to execute them across all your devices can be disastrous. And when we say all your devices we mean it - because you’d be amazed how many devices are connected to your network that don’t have recent patches. If you’re curious how many unpatched devices you have currently on your network, we can show you. Very few networks have 100% of devices up-to-date on updates and patches, and a network is only as strong as its weakest link.
Seek Professional Help
Before you lose your mind to network security and head to a shrink, we advise you to hire a data security expert (and we’re not just saying that because we have in-house data-security experts). A third-party expert provides a neutral, thorough, arm’s-length analysis of your network. In addition to finding network insecurities, with a thorough action plan, an expert can also help to reduce the cost of each breached data record by $20 or more. These savings - per record - add up quickly for medium- and large-scale breaches.