There was a 49% increase in data breaches and a 78% boost in the number of data records stolen or lost in 2014, compared to 2013. This equates to 32 records being lost or stolen every second. It’s not surprising, therefore, that worries about data has lead to the Safe Harbor agreement – whereby data is passed freely between EU countries and the US, as the US regulations on data are much more lenient – has this month being ruled out to stop customer data being passed so easily overseas.
The world is becoming increasingly digital, with offices becoming paper-less, moving to digital to make and receive payments, using digital platforms to communicate, and also relying more and more on technology to collect and hold data. And although seemingly more efficient, if a data breach occurs it could potentially have a devastating effect on a business.
Here, I will share my advice to businesses that might be concerned about the possibility of a data breach.
How a data breach can happen
There are a lot of ways that a data breach can occur, but there are some that are more common than others – and businesses might be shocked at how even the smallest thing could leave them open to an attack on their data.
Weak passwords
Hacking still remains the biggest cause of data attacks – and it isn’t just done through clever coding like many assume. A hacker doesn’t actually rely on a user finding vulnerabilities in an application to tunnel their way in. Weak passwords are one of the easiest things to change to offer a level of protection.
Not updating software
Falling behind on updating software can leave a business vulnerable to an attack on its data. Hackers can easily exploit software applications that are poorly written, old, or not completely up to date. By not updating software as soon as an update is available, a business is leaving itself open to hackers finding holes in the software to abuse, as hackers will actively target businesses around the time of an update.
Insider threats
Although a lot of business people think attacks always stem from external causes, it’s surprising how many come from inside a company. As a business, it’s more than likely that you regularly trust employees and contractors with important passwords and data information. In an ideal world, this is fine. But in reality, there’s not much stopping them from copying, altering, or stealing this information. Passwords should, as a rule, be shared with as few people as possible.
What to do if you’re worried about a data breach
It’s normal to have concerns about your business’ data, especially if there are a lot of people within your company that have access to it. By taking note of the above points and ensuring they are all borne in mind at all times, you’ll be shutting yourself off from some of the most common ways that a data breach can happen.
Also taking the following steps will further reduce the chances of your business being attacked:
- Ensure employees are vigilant and change their passwords often
- Install effective malware solutions, particularly on devices that access sensitive data
- Don’t forget to protect mobile devices – especially as workers increasingly work remotely from the office
- Virtual data rooms should be used to store and distribute documents
What to do if you suffer a data breach
Unfortunately, as long as businesses keep data digitally, there will always be a certain level of risk of a data breach. The data breach suffered by eBay in May 2014, in which 145 million customers’ personal details were stolen, proves that even tech giants aren’t immune. So it’s important to point out that no business is completely protected from hackers. To try and minimize the effects on a business though, always ensure you backup your data, so that if it is in some way compromised, you at least have access to backup files.
It’s also unfortunate that, not only will suffering a data breach have an effect on a business, but you can get fined for it if it’s serious, too. The Information Commissioner’s Office (ICO) often judges that, if you endanger customers’ personal information by not taking basic security measures, then you will get fined - whether this is for transporting unencrypted data or leaving your businesses servers open to a hack. It’s not surprising that it’s a common worry for businesses due to the effect it can have on their bottom line. A massive 72% of businesses that suffer a major data breach shut down within 24 months.
But what do you do if it happens to you?
It’s important to keep customers and brand reputation at the front of your mind if you’re unlucky enough to suffer a data breach and need to respond. Often, organisational stakeholders, external stakeholders such as shareholders, customers, vendors, and regulators will all need to be interacted with. And at a time of high-pressure with little time, the stakes are high.
You must have a rehearsed response to a data breach ready, which can be modified depending on the situation. Remember, often how a breach is dealt with can have more damage on a company than the breach itself. Whilst you will have experts on hand dealing with the behind-the-scenes issues and securing the data after the breach, you need to be on hand to respond to anyone that requires answers. Build messages of transparency within your business and to the public, and communicate calmly and efficiently.
As data breaches, sadly, become increasingly common within businesses, organisations that provide a clear and concise message following a breach will be pitched far ahead of those that come across unsure or confused.
By Daniel Foster, technical director at hosting company and domain name registrar 34SP.com
