All you have to do is read the news on a daily basis and chances are you will hear about yet another company that has fallen victim to a data breach. The average cost of a data breach in 2017 is $3.62 million globally and $7.35 million in the U.S., which is at an all-time high, according to a study conducted by the Ponemon Institute. These are big numbers and scary statistics, and although there is no such thing as a totally secure system, there are several things you can do to reduce the chances of your business being one of the next victims.
Keep software updated
If you have read about any of the multitudes of data breaches occurring globally, the most common thing you will find is that most of the victims were lax when it came to updating the company software. Most did not neglect this duty because they didn’t care. Generally, being complacent when it comes to keeping software updated has more to do with the time, effort, and cost involved. Software companies are constantly updating their software in response to bugs and security flaws and keeping up can be a difficult task at best for most businesses.
However, what businesses need to realize is the cost of not updating software on a regular basis. The average cost to U.S. organizations per record compromised, according to the study cited above, is $225 and it is much higher if you are a healthcare organization. With these numbers fresh in your mind, you must realize that it is far more expensive to deal with and recover from a data breach than it is to try and prevent one from happening.
All businesses, and individuals too, should be vigilant about checking for software updates on a regular basis. Yes, it takes time and sometimes money, if you need to buy updated software, but a data breach will cost much more than the time, money, and effort to update. At a minimum it will cost time, money, and effort. At its worst it can cost your business its reputation and/or it can close your doors permanently.
Keep hardware updated
This one goes right along with keeping your software updated. Hardware, too, is constantly updated, and every piece of hardware that your business runs will eventually have to be replaced. Computers, printers, routers, network infrastructure, servers, etcetera will eventually become obsolete and need to be replaced. Once a manufacturer has put out a few newer versions of its hardware, it will usually, at some point, discontinue support and updates for older versions. The average life span of hardware is generally said to be three to five years, though security hardware tends to need to be upgraded in less time than that, more like three years or less.
In addition to needing to be updated, most hardware has a max time to failure timeline, which is the estimated time before the hardware will fail. Even though you might be thinking “Well, I’ve had this hardware for five years and it’s still working well. Why should I replace it?” the fact is that at that point it could and probably will fail sooner than you think. It is best to replace with updated hardware before this becomes an issue. For more information on the typical life expectancy read this article here.
Again, yes, it is an expense, but waiting until there is a failure or a security breach due to outdated hardware will be more expensive than staying on top of things from the beginning. Most data breaches happen because organizations do not update or replace their software and/or hardware. Don’t be one of those companies that feels the pain of neglecting this very important security measure.
Secure Your Networks
If you are running a business then it is likely that you have an IT department or an IT service that takes care of your networks’ security. However, you still need to be aware of the key security features that should be in place in order to help prevent a data breach. As the business owner, it is your responsibility to make sure your customers’ and company’s sensitive data is secure. Ignorance is not an excuse when it comes to security. Here are four basic steps you should take to make sure your networks are secure.
Use encryption. Your business’ wireless access points are one of the best ways for hackers to access sensitive data and should be secured as the first line of defense against data breaches. Make sure the company’s access points are all using encryption, preferably WPA2, and also make sure you hide your SSID. For more information on securing your WiFi network read How To Secure Your Wireless Network here.
Use antivirus and antispyware protection. All computers in your organization should be properly protected by having active, updated antivirus and antispyware software running at all times. These programs, when kept updated, search for and stop viruses and spyware from being downloaded and activated on the company’s resources.
Use a VPN (Virtual Private Network). Virtual Private Networks allow you to access the internet via a private tunnel protecting your data from being hijacked by nefarious evildoers. VPNs also hide your activity and location when online. For more information on VPNs and how to choose one read Choosing A VPN Service For Your Business here.
Use Two-Factor Authentication. Anytime you have the opportunity to use Two-Factor Authentication, do it. It is just another layer of security that can be used quite easily. Basically, it requires a person to provide two forms of authentication before allowing them to access the network. Usually these forms of authentication are a password and a verification code that is emailed or texted to the user, or a password and a thumbprint. Generally it’s some information they know, the password, and something they only have access to, like the verification code that is sent to them. For more information on two-factor authentication read Overview of 2-Step Verification here.
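The password-plus-verification-code flow described above can be sketched on the server side as follows. This is an added example, not code from the original article; the in-memory stores, the five-minute validity window, the attempt limit, and the PBKDF2 iteration count are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for a sent code
MAX_ATTEMPTS = 5        # assumed limit on wrong guesses per code
# Constructed in-memory stores; a real service would use its user database.
_password_hashes = {}   # user -> (salt, password hash)
_pending_codes = {}     # user -> [code digest, expiry time, attempts left]

def _hash_password(password, salt):
    # Slow, salted hash so stored passwords are costly to guess offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(user, password):
    salt = secrets.token_bytes(16)
    _password_hashes[user] = (salt, _hash_password(password, salt))

def check_password(user, password):
    """First factor: something the user knows."""
    if user not in _password_hashes:
        return False
    salt, stored = _password_hashes[user]
    return hmac.compare_digest(stored, _hash_password(password, salt))

def issue_code(user, now=None):
    """Second factor: a random 6-digit code to deliver by email or text."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
    digest = hashlib.sha256(code.encode()).digest()
    _pending_codes[user] = [digest, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
    return code  # hand to the delivery channel only; never log it

def verify_code(user, submitted, now=None):
    """Accept the code once, before expiry, within the attempt limit."""
    now = time.time() if now is None else now
    entry = _pending_codes.get(user)
    if entry is None:
        return False
    digest, expires_at, attempts_left = entry
    if now > expires_at or attempts_left <= 0:
        del _pending_codes[user]  # expired or guessed too often
        return False
    entry[2] -= 1
    ok = hmac.compare_digest(digest, hashlib.sha256(submitted.encode()).digest())
    if ok:
        del _pending_codes[user]  # single use: a replayed code is rejected
    return ok
```

Access is granted only when both `check_password` and `verify_code` return true for the same login attempt.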
Restricting Third-Party Access
Allowing Third-Party vendors access to some of your company’s resources is usually a part of the trade-off of doing business with them. In order to do their job correctly they usually need at least some access to some of your resources. The key here is that you only allow them as much access as needed to do their job and nothing more. This is called the principle of least privilege and should be strictly followed in order to ensure the security of your company’s and clients’ sensitive data.
Hold Third-Party Vendors To High Standards
When any vendor agrees to do business with your organization they should be made aware of and made to uphold your company’s strict high standards. Any vendor that does not uphold the same standards as your organization should be cut loose and replaced. When a vendor does business with another organization they are essentially committing themselves to being part of that organization and must be required to uphold the same standards, regulations, and rules as that organization. Period!
Implementing Security Measures
All businesses should have a Security Incident Response Plan written and ready to implement in the event of a data breach. These security plans outline all the possible security events that could happen and have step-by-step instructions on how to respond to those incidents, with specifics on who is responsible for each action in the plan. If a data breach should occur this plan should be implemented immediately.
Having a Security Incident Response Plan will also show your customers, the public, regulators, and investors that you take their privacy seriously and have taken the necessary steps to address data security threats. For more information on creating a Security Incident Response Plan read How To Create A Security Incident Response Plan For Your Business here.
Minimize Data Stored
Your company should make sure that it only collects the absolute minimum of data that is needed and nothing more. The more data that is collected and stored, the more damaging a data breach will be to your organization.
It is also suggested that all data be stored in the least number of places possible. Having data backed up and stored in several different places may seem like a good idea in order to make sure your company has what it needs when it needs it. However, storing data in too many places also gives hackers several places to get sensitive data from and increases the likelihood of your company having a data breach.
Lastly, make sure sensitive data is purged regularly and responsibly once your organization no longer needs it. Holding on to data that is no longer needed will increase your chances of having a data breach. The longer sensitive data is held on to the larger the statistical chances are that it will be stolen.
Educate All Employees
Data breach protection extends to every single employee in your organization and education is the best way to make sure everyone is on the same page and knows their responsibilities. These responsibilities include daily security measures and best practices and extend right up to the implementation of the Security Incident Response Plan in the event of a security breach. Everyone in your organization should know what to do on a daily basis to help prevent a security incident as well as what to do in the event of a security incident. When everyone is clear about their responsibilities and what is expected of them, it reduces the chances of a data breach happening and minimizes the damages should one occur.
The faster you and your employees react to a data breach the better the chances of mitigating some of the damages and costs. Having a Security Incident Response Plan in place and making sure all employees are aware of the plan and their roles will help to increase the speed at which your organization responds to a data breach. Time is quite literally everything once a security incident is under way and the quicker the response the better.
Immediately after a security incident is detected make sure it is communicated to the security management team and the appropriate authorities are notified.
Following these few simple tips can help to mitigate or at least lessen the damage of a data breach in your organization. It is always best to remember that the cost of prevention is always less than the cost of repairing the damage of a data breach. Taking precautions upfront is always the best action in protecting your organization’s and customers’ sensitive data.