Businesses run on getting and using data and information like customer names, addresses, phone numbers, passwords, and payment information. There is also a great deal of internal data required for the day-to-day management of businesses, such as employee records, IDs, network passwords, patents, and other corporate intellectual property. All of this data is something hackers want to get their hands on, and so there is no escaping the growing need to improve data security for businesses of all sizes. Not doing so is becoming riskier and costlier each year.
According to Ponemon’s “Cost of a Data Breach Report 2019,” the probability that a business will experience some form of data breach in the next two years has risen from 22.6% in 2014 to 29.6% in 2019. That’s a 31% risk factor increase in just five years.
The cost of a breach continues to rise as well — the average cost of a breach in the United States is $8.2 million. That is 4% higher than in 2018 and 61% higher than the global average cost per breach.
Costs of a breach cover a number of activities, from identifying that it has occurred to contacting those affected, paying regulatory fines, and of course, loss of business. Based on cost per employee, smaller businesses can suffer disproportionately more cost ($3,533 per employee for organizations of 500 – 1,000 employees) than larger enterprises ($204 per employee for organizations with more than 25,000 employees). According to statistics collected by “Small Business Trends,” 60% of small companies are out of business within six months of a cyberattack. On top of all that, McAfee, a leading antivirus provider, reports that more than 480 new high-tech cyberthreats are introduced every minute.
These are all sobering statistics. Yet, here are some of the things any business, large or small, can do to reduce the risk of a data breach and help reduce the cost of one if it happens:
- Create a business data security policy covering which data is considered sensitive, the methods and processes in place to secure that information, and how you will keep the security policy current.
- Regularly train employees on company security policies and processes. Most breaches occur because an employee does something they weren’t supposed to do, such as opening a file from a suspicious or unfamiliar email, downloading customer information to a USB drive and leaving it somewhere, or sending a job to a printer and then forgetting to pick up the print from the exit tray.
- Use secure passwords and change them regularly.
- Use and enforce authentication on any device or service connected to the network. This covers printers and MFPs along with laptops and PCs. Multifactor authentication is even better.
- Encrypt files that contain sensitive information.
- Make sure a firewall is present, all network devices are behind that firewall, and anti-virus/anti-malware software is activated on the device.
- Patch and update software and firmware on devices such as printers and MFPs as soon as those patches and updates become available. Additionally, make sure that any firmware or updates to applications running on a device have a digital signature certifying they are from the manufacturer of the device. Finally, monitor and automate those tasks.
- Use devices that, at startup, verify that their boot code, operating system, and applications running on the device have not been compromised and, if they have, issue a warning and do not start up.
- Shred files that are at the end of their life and not needed any longer. This includes shredding of physical documents and digital shredding of documents on hard drives of devices.
- Have a response plan if a breach does occur. How will you contact those affected, how will you recover the data, how will you regain customer and employee trust?
The risk of a data breach will always be present. However, with planning and foresight, the risk and accompanying costs can be reduced.