Want To Protect A Thriving Business? Focus On Data Security
December 23, 2021
Have you ever wondered how much data is produced on a daily basis, and how secure it is? The numbers are staggering. Have you ever considered how much data your organization creates, how you control access to it, and how you protect it?
According to a study by SG Analytics, 2.5 quintillion bytes of data are created every single day. At the same time, 64% of companies worldwide fall victim to cyber-attacks, with an average cost of $2.6 million.
Whether you run a small business or a large corporation, data is a critical component and, in some if not most cases, your intellectual property (IP). It drives every aspect of an organization, whether it is used for planning, developing, and implementing a business strategy, aligning your technology with your products and services, or keeping your human capital engaged and thriving throughout the process.
Regardless of how data is used across your organization, data security should be considered and implemented as a top priority to avoid any security breaches. The number one rule is to safeguard yourself, and your customers, from becoming the victim of a cyber-attack through strong data governance policies.
Data Security – Every Business Needs It!
Many companies have faced major security problems in recent years, forcing business owners and leaders to view data security protocols and procedures as a vital aspect of their business strategy in protecting their data from cyber threats. If they don’t, then the inevitable will happen: internal and external data leakage and breaches.
According to PurpleSec research, the COVID-19 pandemic has increased cybercrime by 600%. Furthermore, the graph below by Statista highlights the annual number of data breaches and, subsequently, the exposed records in the United States from 2005-2020.
Consider the following impacts on your business of a cyber-attack:
- Data Leaks Negatively Impact Your Business Reputation – Your reputation is what brings clients back to you, and no matter how much time you have spent building a positive brand in the marketplace, one data leak can ruin an organization in a matter of minutes. Every organization is responsible for securing its client and employee records and transactions no matter what, and failing to do so can not only jeopardize the company’s future and reputation, but also tie it up in litigation and threaten its financial viability.
- Penalties, Fines, and Repayments – A report from Kaspersky Lab suggests a single data breach could cost as much as $46,000 for small businesses and up to $620,000 for enterprises. As more and more organizations now have the ability to operate on a global scale, the cost of a breach lands on your business as an unplanned, and obviously unbudgeted, expense. These costs can include anything from legal fees, fines, auditing services, customer repayments, and other unexpected monetary losses. Incorporating data security into your day-to-day business operation begins to help curtail these unnecessary expenses.
- Cyber Criminals Never Rest, So You Can’t Either – As technology continues to evolve at a faster and faster pace, and our work habits evolve with it (Work from Home, accessing corporate resources from any device/from anywhere, etc.), the lines between personal and business get blurred. Organizations that don’t adapt to this new environment and stay comfortable with the status quo are falsely thinking that the measures they put in place 1, 3, or 5 years ago will keep them and their business protected indefinitely. The problem is that cyber criminals are always looking for, and devising, more sophisticated techniques to circumvent your security measures. You’ll typically see this in the form of phishing scams, spam email or instant messages, and bogus websites used to deliver dangerous malware to your computer and compromise your company’s security. If you aren’t constantly updating and investing in your data security, you easily become a prime target for a cyber-criminal.
Approaches to Improve Your Company’s Data Privacy and Cybersecurity Strategy
With more people working remotely, many organizations are seeing a significant increase in ransomware activity. The internet-centric, and now co-mingled, environments of the office and home have introduced a new set of security vulnerabilities. A report by Malwarebytes states that more than 20% of cybersecurity leaders have reported that they experienced a security breach because of a remote worker in 2020. The best approach is to consider a home office an extension of your corporate office and secure it physically (Firewall, WiFi, etc.) using the same policies you follow inside your main offices.
Here are simple ways to improve your company’s data security and cybersecurity today:
- Document, Communicate and Monitor Compliance of Your Data Destruction Policy – Organizations, especially those in the healthcare, finance, education, and government segments, deal with huge amounts of sensitive information as a necessary component of their operations. Having an information disposal policy documented and communicated to all employees enables organizations to archive stale data in a secure location and shred printed data in a timely manner in accordance with local, state, and federal laws, as well as corporate policy. The key here is also to monitor the implementation of and compliance with that policy to ensure the utmost level of security with regard to this data.
- Enable Data and Device Encryption – The advent of COVID-19 and the escalation of remote work have significantly increased the risk of data loss, a risk that many organizations were not equipped to address. Employees frequently work and store data on their mobile or personal devices without necessarily thinking about whether these devices are secured and adhere to corporate policies. According to a RiskBased Security report, approximately 36 billion corporate records were breached during the first half of 2020, and nearly two-thirds of all organizations have more than 1,000 sensitive files open to every employee, according to Varonis’ financial data risk report. These stunning statistics emphasize the significance of implementing device and data encryption policies within your organization. Even if you are an organization that does not have a lot of remote workers, the threat still exists within your own four office walls because employees aren’t always mindful of the ways in which they are accessing company data. They usually consider only the ease of use for themselves and not always the security and risk aspects of their device choice or access point. Enabling encryption for all of your organization’s data will help avoid costly data breaches and loss.
- Shore Up Password Rules and Authentication – A first line of defense in strengthening your data and device security is to mandate a password policy defining the use of strong passwords on sensitive data and devices, as well as to enact multi-factor authentication for all users. While users may not be excited about it, requiring a certain level of password strength can safeguard your organization’s data against unauthorized access from malicious software and hackers. Additionally, according to a Data Breach Investigations Report, password dumping is one of the most common types of cyberattacks, accounting for approximately 81% of all breaches that used stolen or weak passwords. This study emphasizes that passwords alone are insufficient to keep all of your business accounts secure and protected, so incorporating MFA (Multi-Factor Authentication) helps you protect sensitive data by adding an extra layer of security. Strong passwords and MFA working together strengthen your network exponentially, and neither should be used exclusively over the other.
- Conduct Regular Risk Assessments – Conducting thorough risk assessments on a regular basis allows the organization to identify both internal and external threats, as well as assess their potential influence on data availability, confidentiality, and integrity. It is important to make sure that your assessment framework takes into account a full 360° view of all vulnerability points; the assessment should ideally be conducted by an external source to ensure an unbiased viewpoint. As we mentioned above, since cyber criminals are always looking for new ways to access data, it is critical that you run your assessments on a regular basis and then use the resulting information to manage and optimize your network’s cybersecurity and data protection controls to fit your organization’s actual risk tolerance.
Data security isn’t a one-time endeavor and there is no magic wand that can ensure the complete security of your data at all times. The key is to document all plans and expectations, communicate those things and then take the steps necessary to assess and address your risk profile. However, if you think about data security as a continuous, company-wide, systematic effort that becomes an integrated part of the company culture, you will reap immense benefits across the business and limit your scope of risk.
Author: George Phipps, SVP, Quatrro Business Support Services
After spending over two decades building local through global organizations and engaging in significant M&A activities, George understands the relationship between business strategy, operational execution, and inherent risk. He has been a regular speaker at various events discussing topics ranging from strategically transitioning business models to building Microsoft practices, and has recently been published in the Utah Business Magazine and the Journal Entry. George holds dual degrees in Political Science and Economics from the University of Southern California.