No one is totally safe from the threat of cybercriminals and data breaches. “If you haven’t suffered a data breach, you’ve either been incredibly well prepared, or very, very lucky,” the 2017 Verizon Data Breach Investigations Report states. Businesses of all sizes and across all industries around the world have found themselves scrambling to do damage control in the wake of breaches as hackers continue to produce new types of malware and find new ways around cybersecurity defenses.
As of August 30, the Identity Theft Resource Center had identified a total of 956 data breaches that either took place or became public this year. Because of those breaches, approximately 19.3 million records were exposed. When a business experiences a data breach, the incident can have devastating consequences that include not only damage to the organization’s reputation, downtime, and regulatory repercussions but also financial losses.
The Cost of Cybercrime
Although glitches and simple human errors can cause the exposure of sensitive information, malicious/criminal attacks are at the root of nearly half of all data breaches (47%), according to the 2017 Cost of Data Breach Study from IBM Security and the Ponemon Institute. Breaches caused by criminal attacks also cost the most, at $156 per capita/record in 2017 (compared to $128 and $126 per capita for breaches caused by glitches and human error, respectively).
Overall, the IBM and Ponemon study (which included 419 companies around the world) found the average total cost of a data breach is $3.62 million. That estimate includes direct and indirect expenses an organization will likely have to pay in the event of a breach, including the cost of working with forensic experts, conducting internal investigations, outsourcing hotline support, and more.
Additionally, the number of records exposed/lost and the amount of time it takes for the organization to identify and contain the breach can make a big difference when it comes to the financial hit an organization takes, according to IBM and Ponemon. The more records exposed and the longer it takes to contain and identify, the higher the cost. Malicious/criminal attacks take the longest to identify (214 days) and contain (77 days) on average.
How to Reduce Your Risk Level
Given the potentially devastating financial impact of a data breach, it makes sense for businesses to make IT security a top priority. The cybersecurity threat landscape is constantly evolving, so taking proactive steps to stop hackers from accessing and exposing sensitive records is crucial.
Today’s Business Challenges:
- What should you do if your business is not bound by compliance or regulations? Businesses need to take a serious look at implementing and road-mapping an IT security strategy.
- Do you have an IT security budget? Businesses that currently have an IT budget for general IT needs should consider having a separate IT security budget.
- What is the impact to your business? Here are some questions to ask your leadership team in order to gain momentum on the IT security front:
  - What will happen to your business with one breach?
  - How much will one security event cost you? Your clients? Your prospects?
  - How much lost productivity will you encounter during this event?
  - How much will it cost you to address the breach and provide incident response around the breach?
- IT security is too expensive to implement; how can I make my business more secure? There are some simple steps all businesses can take that have minimal associated costs.
Simple Steps to Safeguard Businesses
Here are a few steps your organization can take to prevent data breaches and ward off cybercriminals before they strike.
1. Conduct security audits on a regular basis. At least once every year, your company should carry out a security audit to check the effectiveness of your current solutions/practices and identify any vulnerabilities. A thorough audit should involve testing to see if any of your devices is susceptible to hacking and could potentially serve as a gateway for cybercriminals seeking access to sensitive data.
2. Educate your employees. Routine awareness training to ensure your staff members are well-versed in current security policies is another great way to reduce your data breach risk. You’ll want to cover topics like guidelines for establishing strong passwords, backup and disaster recovery procedures, and remote access policies to ensure people working from home or on the go do so using secure methods.
3. Update Windows, your firewall, and your antivirus. Make sure all of these are updated regularly. Most businesses have a uniform Windows and antivirus update strategy because those updates are automatic, but verify that they are actually being applied. As for your firewall, many businesses don't update it regularly, which leaves a major gap in their security.
4. Perform a vulnerability assessment. Vulnerability assessments are generally low cost, and they provide a benchmark for your business. An assessment checks for Personally Identifiable Information (credit card and Social Security numbers), as well as external and internal network vulnerabilities and risks. At a minimum, this gives you a foundation to build on. Some items you can correct yourself, while for others you should engage your IT professional.
5. Consider a managed security solution for extra protection. New cybersecurity threats emerge on a daily basis, so it can be a challenge for businesses to keep up and ensure their security solutions and practices are up to date. Managed security solutions from a third-party provider, such as email spam filtering, secure data management, next-generation firewalls, and more, can help keep your IT infrastructure safe from cybercrime.
Ultimately, taking action to ward off cybercriminals and minimize your organization’s risk of a data breach can make the difference between success and shutting your doors. Failing to address vulnerabilities could have a huge impact on your business, financially and otherwise.