- An anonymous hacker in a foreign country, snooping for network vulnerabilities.
- One of your mid-level managers who receives three phone calls while trying to write a single email.
Beazley found that more than half of all data breaches resulted from employee mistakes. Employees sending emails and faxes to the wrong recipients accounted for 31 percent of breaches. Another 24 percent resulted from physical loss of paper records. Theft of data from portable devices made up 13 percent. Intrusions from outside a network (what many people ordinarily consider to be "hacking") were responsible for only 11 percent of incidents. These involved the use of malicious software that spies on or damages the victims' networks.
While this last category was only the fourth most frequent cause, Beazley noted two troublesome characteristics. First, these incidents are becoming more frequent, growing by 20 percent from 2013 to 2014. Second, when they occur, they are far more expensive for the victims than are the other causes. Investigating these incidents carries more than four times the cost of tracing back to email errors and misplaced paper files.
The impact of a data breach on a business can be enormous. The Ponemon Institute's 2014 Cost of Data Breach Study said that the average cost of a breach to a company was $3.5 million, a 15 percent increase over the previous year.
The damage goes beyond repair and restitution; data breaches can chase customers away. A 2013 study of consumers in 24 countries found that nearly one in five had been victims of data breaches. More than a third of the victims said the breaches had caused them to stop doing business with those companies. Almost half said they were warning friends and family about sharing information with them.
Beazley recommends five things organizations can do to prevent data breaches.
- Encrypt the data on all devices, especially smart phones and tablets. Beazley found that organizations could have prevented three-quarters of all the breaches it handled in 2013 by encrypting devices.
- Automate the process of updating software to fix security gaps. When a new version of a program is released, devices and servers should update automatically to address vulnerabilities without staff having to remember.
- Require users to create complex passwords, and enforce this requirement. Hackers use programs that can uncover passwords that are simple dictionary words. Passwords should have a combination of letters, numbers and special characters.
- Train employees to spot emails that are disguised attempts to get confidential information. Some emails appear to be from a trustworthy source, but they ask for user ID's, passwords, PIN's, and other information that the real source would not need.
- Review all emails before sending them. Senders should verify that the address is correct and should be certain that the contents of the message and attachments should be sent to that recipient.
The Internet is an essential tool for modern business, but it has its risks. While no organization can be completely immune from data breaches, following these steps will greatly reduce the odds of one happening. They are some of the best things you can do to protect your customers and your business. Please call an agent today to discuss your cyber risk and security protection plan 314-351-HALO(4256).