Data breaches can harm both consumers and companies. As a result of identity theft or credit card fraud, consumers must suspend their accounts until the matter is settled. This “inactive” period directly affects banks and retailers. By following the steps below, companies improve their chances of deterring or preventing future data breaches.
Ahead of the public sector and retail, healthcare is the most vulnerable industry. According to a study conducted by the Ponemon Institute and IBM, it has the highest cost per stolen record, $363 on average. As Caleb Barlow, vice president of IBM Security, puts it bluntly, “on the dark side of the Internet, you can buy stolen credit card data for as cheap as $1, but health care records easily sell for $50”. The numbers show that the majority of data breaches today are caused by malware or criminal attacks rather than by human error or software faults, as was the case in the past.
Five Rules of Preparedness
In a nutshell, data breach prevention rests on data minimization. In other words, no one can steal what you don’t have. The rules are simple and effective:
- Don’t gather data that you don’t need.
- Restrict the number of places where data is stored.
- Apply the “need to know” rule to employees who access sensitive data.
- Keep a record of which employees have access to the data.
- Dispose of data responsibly once it is no longer relevant to your company.
To eliminate in-house threats, company security must look beyond the IT department. It should work together with the HR department to address employee exit procedures, review remote-work protocols, and assess fixed and mobile data storage practices. Once the current situation has been evaluated, the company needs to introduce new policies and procedures that match the findings.
Train Your Staff
A company needs to maintain the same data security standards regardless of where the data is located. This means that mobile workers need to be trained to use the latest security and authentication software on their mobile devices. They also need clear instruction in unambiguous security policies and procedures for the case of a stolen or lost device.
Hire a Third-Party Expert
As industry leader SecureLink states, the benefit of having a neutral party perform your risk and exposure analysis is that the results will be objective and credible. This also takes the pressure off your staff, who otherwise might worry about their prospects and careers if an irregularity is revealed. If you decide to hire remote support, make sure you choose a reputable company with a successful client list.
Don’t Let Your Partner’s Mistake Cost You
From the very beginning, make your third-party service providers and partners aware of your security requirements, and ask that they follow suit in accordance with state regulations. Your organization should ensure 24/7 control of its data, especially outsourced data storage and services. Encryption alone does little to deter professionals from breaking into your data storage. You need a strategy that includes your employees, policies and procedures, as well as independent data security consultants to put these into effect.
Photo credit: Leo Hidalgo