

Time and again, we see the same types of data breaches being repeated. For some reason, however, businesses today are spending more money trying to clean up the debris left behind from these attacks than on good security to prevent them. Perhaps even more important to your business’s survival than the money is what else a data breach can lead to: a loss of clientele, a loss of reputation, and trouble with the law.


With so much on the line, it is crucial to take a proactive stance when it comes to protecting your company’s data – especially when we consider that a data breach can result from something as simple as:

  • Stolen devices, with laptop theft among the most common.
  • Loss of portable storage devices such as zip drives and hard drives.
  • Misconfigured servers – everybody makes mistakes.
  • Inactive firewalls that have accidentally been switched off.
  • Patches that have not been installed promptly.
  • Passwords that are too easy to guess, such as unchanged default logins.
  • A lack of risk assessments, or even risk assessments that are not being conducted regularly.

Although it isn’t quite possible to prevent every data breach that could come your way, it is possible to prevent the vast majority of them by addressing the causes above.

In fact, according to a study published by the Online Trust Alliance (OTA), 9 out of 10 data breaches could have been avoided without difficulty.

You may be thinking that with the hindsight that the OTA holds, this is one of those “easier said than done” situations. Wrong. The study showed that for the majority of these cases, a data breach could have been easily avoided by implementing some basic, solid security practices.

Some practices that have been recommended include:

  • Explore alternative data storage options – and don’t forget encryption! With the study reporting 18% of breaches coming as the result of lost or stolen devices, more secure alternatives need to be explored when it comes to storing sensitive data. In addition, data encryption is a basic and very proactive security measure that will help you ensure sensitive data stays protected – even if it does fall into the wrong hands.
  • Install software patches when they are released. Patches, as well as upgrades, are released for a reason. If patches are not installed promptly and software is not upgraded, you are risking not only the efficiency of your technology, but also the security of your data.
  • Don’t just update your technology – update your staff, too! As much as you rely on your technology, you also rely on the people who run it. Considering that a very large number of data breaches are a result of human error, it’s important to educate your staff on how to identify social engineering scams, as well as to create things like anti-phishing strategies with them. With social engineering schemes being used successfully in 11% of breaches, this could truly make a huge difference.
  • Conduct risk assessments regularly. Fully comprehensive risk assessments, done regularly, can help you maintain awareness when it comes to potential threats – which in turn can help you in taking a more proactive stance.
  • Implement tighter controls over the data employees are allowed to access. From company insiders to ex-employees, from carelessness to malicious intent: all it takes is one employee to compromise all of your company’s security efforts. In the OTA’s study, 29% of data breaches were caused by employees stealing or leaking data.

Although the OTA’s study was conducted with information gathered in 2014, similar and more recent studies reveal the same errors being made time and time again. As unfortunate as it is to say, the study is just as relevant in 2016 – if not more so.

A set of basic, solid security practices is all it takes in order for your company to avoid 90% of data breaches and their devastating effects.