According to Verizon’s 2015 Data Breach Investigation Report, the year 2014 saw an estimated $400 million in financial loss as a result of the 700 million records compromised in data breaches. What can $400 million dollars buy? For starters, it’ll get you America’s most expensive home on the market, twice, with a low monthly mortgage of $724,000 per month, each. Pocket change, am I right? If land is more your thing, you could purchase your own private island in the Caribbean. Maybe fifty of them, actually.
The point is, $400 million is a lot of money. Numbers like that are a stark reminder for organizations to give cybersecurity the attention it deserves, or they could be facing losses next.
How can you help ensure your organization has done its due diligence in protecting information as well as preparing for the worst? Here are three tips to help you keep a breach from happening and minimize the damages if one does.
Create an action team and practice your plan
Responding quickly in the event of a data breach is key to preventing further loss of information, so having an effective plan in place is important. Gather a team of experts from various departments that will need to react – PR, legal, financial, and IT – and make sure each member is clear on their responsibilities. It’s not enough just to create a plan; practice it, too, to make sure no details have been overlooked. Chances are you’ll need to adjust it after your team has run through it, and that’s okay. You’ll be able to rest assured that you can better handle any situations that may arise.
Collect network traffic data
Collecting your network traffic data can help you both prevent and react to a data breach. Monitoring this data will enable your organization to proactively keep an eye out for suspicious activity, such as access from countries you don’t typically have relations with. On the flipside, in the event of a breach, this data can be used to determine how your system was infiltrated and what happened after it was, helping you to quickly and more effectively respond to the breach to minimize damages.
Train your employees on security best practices
There’s an often-cited report by Forrester from 2012 that claims majority of data breaches are not, in fact, at the hands of malicious outsiders, but are instead due to internal mistakes or lapses in judgement. Although more recent studies by Verizon and Breach Level Index report those tides may be turning, we can still eliminate a substantial amount of our security threat by training our employees well on security best practices.
The most basic and obvious way employees can guard against attacks is to keep strong passwords that are varied between services they often log on to. This is a much easier feat with apps like Password Keeper which store passwords and keep them securely encrypted. Make sure employees understand that passwords to company accounts are under no circumstances to be shared. Also train employees to recognize a phishing attack, as these are still often successful at garnering information from unsuspecting victims.
In addition to the above steps, as Workflow Studios says, make sure you vet our the security of your third party vendors, and not just those who host your data. In Target’s very public breach in late 2013, attackers gained access to Target’s network and ultimately their POS terminals through their HVAC vendor.
If you have yet to be subjected to a breach in your data, NOW is the time to start preparing and protecting. By putting the three tips above into practice, you’ll be less likely to find your organization’s information someplace it doesn’t belong, and you’ll be better suited to minimize damages if you do.
Not sure where to get started on storing your content securely and efficiently? Connect with one of our business process experts below!