Published on Mar 4, 2020 According to a recent study, 5,183 breaches occurred during the first nine months of 2019. These breaches exposed 7.9 billion records. That is a 33.3% increase in the number of breaches and a 112% increase in the number of records. An IBM report found the average cost of a data breach in the U.S. grew 130% from $3.54 million in 2006 to $8.19 million in 2019.
Calculating the cost of a data breach depends on four factors:
When all four of these factors are used to calculate the cost, it’s no wonder the financial impact has grown. Just think what the Capital One or Equifax breaches cost those companies.
Monitoring agencies have started dividing breaches based upon their root cause.
Knowing how breaches can originate is the first step in preventing them.
Most companies hear data breaches and think digital, but breaches can be physical. Paper-based information can be stolen or simply acquired because of poor information management. However, since most businesses today save and use all of their data on different systems, it is important that extra steps are taken when it comes to digital security. The services of a local IT company (for example, an it service provider in Lincoln if your business location is Nebraska or close-by) could be a better choice when looking to implement cybersecurity measures and overall IT support, as this can make communication quick and easier, allowing the business to be prepared for any unforeseen circumstances. Further, the following steps can go a long way in helping businesses prepare and avoid data breaches.
Creating an information management plan helps identify what information must be retained and for how long. It should identify the precise process for destroying unnecessary information. Designate the method of disposal for each information type and make sure sensitive data is removed before having a third-party destroy the media. A good practice when using a third-party to destroy media is to request a certificate of destruction upon completion as well.
Employees need to be trained on the latest scams and how company policies have changed to address these. Cyberattacks change, so don’t expect a one-time training session is enough. If employees are not trained on what to look for, they can’t participate in stopping an attack. Implement policies that force password changes and help employees create strong passwords.
Physical records require security, too. Make sure you keep all confidential and private information secure. Be sure to restrict access to a minimum and run background checks. Never let third-parties, including temporary workers, have access to secured data.
Most companies require a level of data sharing to function. However, that doesn’t mean open-network access. Companies should restrict the number of access points and carefully monitor any remote access capabilities. As part of the information management plan, establish levels of access according to function. Be sure to set guidelines for internet access.
Keep all software up to date. That includes applications as well as operating systems. Firewall security and network segmentation should be deployed to minimize unauthorized network access.
Countermeasures to data breaches include system backups. If a company has access to a full backup, it is much easier to contain the breach and to recover data. Backups should be maintained off-premise and off-network. This policy ensures that a cyberattack cannot disable backups as well as live systems.
Securing data is a core business process that can cost millions if not performed correctly. If you need help in putting these four best practices into place, contact Innovative Discovery. We are ready to help protect your data.
