Data Breach: What do you have to lose?
December 22, 2011 | By pioneer2_admin |
Every company faces security concerns, but data breaches are an alarming new trend. You likely have read recent news reports on the data breaches of large companies like Facebook, Sony, Google, and Epsilon, but have you considered your organization’s risk of a data breach, and what the impact of a breach could be? It may be larger than you realize.
A data breach occurs when Personally Identifiable Information (PII), such as social security numbers, financial data, debit or credit card information, health information, or other identifiable information is lost, stolen, viewed in an unauthorized way, or accidentally released. Potential effects of a data breach include the loss of trade secrets, proprietary information, legal and forensic costs, regulatory fees, and notification expenses. Further, loss of consumer trust and confidence could mean permanent damage to your reputation and the loss of customers. According to a recent Market Pulse survey conducted by Sailpoint, “a security breach at a financial institution or retailer can severely impact customer loyalty.” Ultimately, all consequences of a data breach could affect the profitability and solvency of an organization.
Are you at risk?
If your organization collects or stores personally identifiable information, there is an exposure to data breach. Healthcare, real estate, technology, retail, and professional service industries have increased exposure due to the frequency of collecting PII.
Information can be hacked criminally, lost by mistake or negligence, or leaked through faulty systems. Mobile devices further increase vulnerability for a data breach. Laptops, smartphones, tablets, mobile phones, and other mobile devices used by employees contribute to data breaches. Access to social networking sites on the same computers that are used to store sensitive data could also be another risk factor for a breach.
What steps can you take to prevent a data breach?
Information security should be a high priority for all organizations. Preventative measures can be taken to protect sensitive data and to minimize the risk for a data breach. In fact, Verizon’s annual data breach investigation report revealed that 96% of the data breaches that occurred this year could have been prevented through “simple or intermediate controls.”
Be proactive. Identify the PII that your organization collects and/or stores, either on paper or electronically. Develop clear and universal policies for the protection of sensitive data, and share them with all members of the organization.
Encrypt. An encryption software program should be used to protect hard drives, files, laptops, removable media, file transfers, email, and any other files containing sensitive data.
Protect wireless networks. Visit http://nvd.nist.gov to examine exploitable holes in your network. A firewall should be in place to protect remote services.
Don’t use unsecured mobile devices or networks. Take extra care to ensure that laptops, smartphones, and tablets are protected.
Limit third party contracts and agreements. Research by the Ponemon Institute suggests that 46 percent of data breaches are a result of third party mistakes. Examine contracts with associates and limit the information that is shared with third parties. Restrict access to PII to only those who must have access.
Manage risk with Data Breach Insurance. Insurance for Data Breach is available through some insurance carriers. Coverage includes 1st party response costs, such as legal and forensic services, crises management, public relations, notification expenses, good-faith advertising costs, and services for impacted consumers. 3rd party coverage is also available to cover defense and liability costs. Further, consulting services are covered to prevent data breach. Discuss this option with a licensed insurance professional.
Develop a response plan. Should a data breach occur, have a response plan in place that is readily accessible. Visit ftc.gov for more information on how to respond to a data breach.
The outlook for data breach is disturbing. Brian Nagel, Assistant Director for the U.S. Social Service warns, “Cyber-crime has evolved significantly over the last two years, from dumpster diving and credit card skimming to full-fledged online bazaars full of stolen personal and financial information.” The techniques used by criminals are increasingly sophisticated and complex. Organizations must take action to protect consumer information, or risk the costly consequences if a data breach occurs.