Every few months, another major data breach makes headlines, reminding us that cyber criminals remain a real and growing threat to businesses and private individuals. Despite these constant reminders, most businesses still have little or no protection from cyber security threats. As a result, the scale and frequency of cyber attacks has continued to grow in recent years.
Globally, the average cost of a data breach is $3.86 million USD. While individual impacts vary widely, with larger businesses taking much bigger losses, the impact of any data breach on a business’ cash flow stability can be devastating. Worse, a data breach can ruin a business’ reputation, and make its customers less willing to provide critical data. As a result, a data breach can not only directly impact a business’ available working capital, it can also impact its immediate earning potential, and its future growth.
Understanding how data breaches happen
Before they can effectively protect themselves, businesses need to understand how data breaches happen. Criminals use a wide variety of methods to access sensitive business or personal data, as well as to directly steal money from victims. Most common among these are social engineering, hacking, phishing, DDoS attacks, and ransomware. While some cyber criminals engineer viruses and malware to crack passwords or create backdoors into secure systems that allow them access to data, or use a cyber attack to interfere with your system to use as leverage for extortion, others rely on entirely mundane methods. That might mean simply calling on the phone and impersonating an employee to get passwords or other sensitive information.
A cyber attack can come in the form of an email, a phone call, a USB drive, a link on a website, an advertisement, or out of nowhere. It’s specifically because there are so many different ways to steal data, that makes it so difficult to protect yourself and your business from this kind of attack.
A third of security breaches are accidental, due to human error
Fully a third of data breaches were not the result of any malicious attack, but simple human error. Employees simply cc’d the wrong person in an email, attached the wrong documents, or failed to redact sensitive information from key documents before sharing them.
Businesses need to address data security comprehensively
For many businesses, cybersecurity measures are extremely basic, often extending no further than a basic virus scanner, and instructions that employees avoid clicking links in suspicious emails. If businesses want to get serious about stopping costly data breaches, they need to attack the issue from multiple angles.
Provide security training
The most preventable type of data security breaches are those based on simple human error. Businesses need to take the time to create security procedures, and train employees in how to handle sensitive data. That means not only teaching them how to identify suspicious emails, but also exactly how to store and transmit information in-house, as well as to third parties without accidentally exposing it to the wrong recipients. Additionally, it means ensuring that all team members are aware of the different ways that people can attempt to access sensitive information, so that they won’t be caught off guard by someone attempting to scam them over the phone or in person.
Purge sensitive data regularly
Part of the reason that data breaches are so incredibly expensive to businesses is because of the sheer amount of data criminals can often access with a single successful breach. The data recovered often gives them the information they need to access other systems to steal even more data. Worse, if a business such as an online retailer, which stores consumer data, is hacked, it can effectively expose thousands or millions of individuals.
To limit the scope of any such attack, and prevent this dangerous knock-on effect, businesses need to regularly purge their sensitive data. Anything that isn’t currently in use should be kept offline, or deleted entirely.
Come up with action plans
Cyber criminals often rely on shock and panic to get them what they want. DDoS attacks and ransomware, for example, are both used to prevent a business from operating properly until it pays the criminal a fee. Not knowing what to do, and losing revenue every second that its systems are down, businesses nearly always pay.
Ransomware and DDoS attacks can both be rendered mostly inert with the proper preparation and investment. Working with a cybersecurity professional, businesses can come up with answers to these kinds of attacks, so that their operations can’t be interrupted as easily, and so that they can’t be extorted without much greater effort and cost on the part of the criminal.
Businesses often view cybersecurity as either futile, or too abstract or complicated to be concerned with. Because of that, attacks are becoming more common every year, and enjoy a very high success rate. To fight back, businesses need to understand how cyber crime works, and be willing to put forth the same kind of effort and investment that they would put into preventing more mundane crime.