There’s a Very Simple Way to Avoid Most Data Breaches
(This post originally appeared on Inc.)
Have you recently suffered a data breach? A malware attack? A virus? It’s a horrible experience. It’s happened to many of us. And when it happens it’s crippling. It’s a huge cash flow issue. Your operations get interrupted. Your data gets lost. You need to upgrade or replace hardware and software. And depending on the information exposed (credit cards, social security, health status) you could be facing not only lawsuits from your customers but scrutiny from the Federal Trade Commission.
Don’t believe me? Just ask the executives at Wyndham Hotels who were sued by the FTC and forced to settle and, according to this press release: “establish a comprehensive information security program designed to protect cardholder data – including payment card numbers, names and expiration dates” as well as conducting “annual information security audits and maintain safeguards in connections to its franchisees’ servers.”
The FTC said that Wyndham was at fault for conducting unfair trade practices and for not adequately protecting consumers’ data. “This settlement marks the end of a significant case in the FTC’s efforts to protect consumers from the harm caused by unreasonable data security,” said FTC Chairwoman Edith Ramirez in the above announcement. “Not only will it provide important protection to consumers, but the court rulings in the case have affirmed the vital role the FTC plays in this important area.”
I know, I know. Isn’t this the same government that itself seems to get hacked every other week? Well, no matter. The FTC is serious about companies taking the right steps to ensure that their customers’ data is protected. And I hate to admit it. But they’re right. We need to be doing more. Much more. It’s really not that hard.
A report released this week from the non-profit Online Trust Alliance found 91 percent of data breaches that occurred from January to August of 2015 could have easily been prevented by, for example, patching a server, encrypting data or ensuring employees do not lose their laptops. OTA analyzed thousands of breaches and found that actual hacks accounted for 34 percent of all incidents, while 30 percent were caused by employees, accidentally or maliciously, due to a lack of internal controls. The balance of incidents can be primarily attributed to lost or stolen devices (7 percent) and social engineering/fraud (8 percent). Lost, stolen or misplaced documents accounted for 9 percent of all incidents.
Another survey of global CIOs released last week by mobile app developer POPin found that most company executives blame failed technology initiatives (that includes security tech) on a lack of employee “buy-in.” According to the survey, 52% said technology initiatives typically fail due to “slow” or “reluctant” adoption from end users. Only 23% cited budgetary issues and 17% cited lack of buy-in from senior management. Less than 8% said technology initiatives fail due to inadequate technology.
So what does this mean to business owners and executives? It means making sure that all software is up to date and operating system patches have been made. It means keeping anti-virus software current. It means having a secure and frequent process to back up data. It means letting your IT firm manage your security and relying on them to monitor your operations. It means educating your employees so that they know not to click on unknown files, to secure their devices and to stay away from untrustworthy sites. It means having the right cyber-insurance policy in place just in case. And it means a heightened effort by senior managers to “buy-in” to the importance of a better security infrastructure.
It means spending money. And most of us don’t do it. We spend our cash elsewhere. For us, our networks are out of sight, out of mind. As long as there’s no problem then everything must be fine. Until there’s a problem. And then all the cash you haven’t been spending will be spent… multiple times over. Talk to any business person who’s been on the wrong side of a data breach or malware infection and you’ll hear a horror story. But in most cases, it’s a story that doesn’t have to happen at all. As long as we do a few simple things. And spend a little money.