There has been a fair share of data breaches hitting the headlines recently. Is it due to a lack of security awareness, perhaps? Or could it be a weak security infrastructure?
How was 2018 affected by data security breaches?
2018 was hit by a giant mass of data breaches. We saw companies such as Facebook and British Airways have their data stolen in a matter of seconds. These companies may have faced a data breach, but they also had to deal with unhappy customers and a diminished reputation. When a data security breach occurs in a company it’s not actually the company’s fault; it’s usually due to a lack of security awareness and weak security infrastructure.
Superdrug was a big target to get hit by a data breach in 2018. The company admitted that their customer details had been obtained by cyber criminals, but claimed that “there is no evidence that Superdrug's system had been compromised”.
The company sent out an email to its customers claiming that the email addresses and passwords had been accessed from other websites by the hacker. The hacker has confirmed they obtained information on approximately 20,000 customers, but Superdrug has said it has only seen that 386 customers' data had been accessed. However, Superdrug does not appear to have reset customer passwords, nor are any customers able to reset them themselves.
Dixons is another company to fall victim to a data security breach this year. The company admitted that over 10 million records had been accessed by the hacker. When it first reported the breach in June, the electronics retailer estimated that the attack involved unauthorised access to 1.2 million personal records. The company stated that the records accessed contained personal data such as names, addresses, and emails. It also said that no financial data had been accessed.
Whilst I’ve only mentioned a few data breaches that happened last year, the list is very long and almost never-ending. So far this year, there have been over 600 data breaches. Shocking, right? The question that’s on everyone’s mind is, how are these data breaches still happening? The answer is simple. Nobody is truly prepared anymore.
How does GDPR affect the growth of data breaches?
Even though GDPR has been with us now for quite a while, people assume that it will save us from data breaches. But remember, just because you are compliant does not mean you are safe. For too many companies “checkbox” security is the norm. Checking the box to pass compliance requirements is one thing, but structuring a cyber security strategy is the be all and end all to surviving a data security breach, or any type of cyber attack for that matter. Whether it’s a phishing or ransomware attack, if your company is not secure and aware then there’s no hope.
After the many data security breaches that occurred last year, things needed to change. People started to take cyber security attacks seriously, and governments and organisations around the world started to invest in making their infrastructure secure. However, we are not even halfway through 2019 and there hasn’t been much change; things are in many ways the same. It’s quite concerning that such large organisations are still finding themselves vulnerable to data security breaches.
I think you will agree with me when I say something needs to be done. There is a major lack of understanding when it comes to security. Do your employees know how to spot a phishing email? Or even a potential insider threat? Data security breaches are only one of the many problems that could destroy your company. I’m sure you did not want to hear that, but the fact is, it’s true. With technology taking over and continuing to make many changes that benefit our lives, criminals will not miss any opportunity to corrupt these devices and use them as a portal to conduct a cyber attack. Whether it’s a data security breach, sending out a mass of phishing emails, or even a simple social engineering attack, they will happily take the opportunity. Wherever there's data there's an opportunity for an attack.
How will a data security breach affect my business?
So, we’ve established how dangerous data security breaches can be, but how do they affect you? Let me tell you. What people tend to forget is that when a data breach occurs, someone was careless or unlucky enough to give an unauthorised individual access to the company’s data. But wait, there’s more! A data security breach can also happen because an insider deliberately lets someone gain access, or the employee themselves might even be the individual conducting the attack. The impact of a data security breach really depends on the information that was stolen. It could be anything from your business email address to your social security number. Every organisation is unique, but in terms of a data security breach, they will all be affected in a similar way. Here are the 3 ways a data security breach can affect your company:
A data security breach tends to cost more for smaller organisations than big businesses. For a larger company the financial impact may run into the millions, but at their size, this monetary loss will not affect them as much as you think. However, a smaller company with a lot less money will more often than not be affected and will end up having to close. It costs an average of £38,000 for a company to fully recover from a data breach.
"More than two thirds (68%) of financial services firms said internal breaches were the most frequent type of attack they had experienced"
A security breach can affect a lot more than short-term revenue. The long-term reputation of your brand is at stake as well. Once the word gets out that you’ve been hit by a data breach, that could be it for your company. Customers are very sparing with their money and data. When a company has been hit by a data security breach their customers will become extremely hesitant. Customers value their privacy, and more often than not breaches involve customer payment information.
Just because a company is hit with a data breach, it does not mean they will never be targeted ever again. Once criminals hear about the company, they will take this opportunity to attack the business themselves. The company's attention will not be on any more cyber attacks affecting them. Their only concern will be to build their reputation back up and to try and gain access to their data again.
How to prevent a data security breach
Control your employees' access to data from the beginning:
One of the best ways to prevent a data security breach is to simply not give your employees access to the data in the first place. Some employees will need access to data to carry out their day-to-day role, so in this situation, it would be best to monitor what data they have access to. Businesses have a tendency to give their employees access to more data than they actually need, and this is when problems can occur very quickly.
Not all breaches that occur are due to forced entries. In fact, most of them are due to human error by your employees. Instead of instilling a mindset that an incident must never happen, it is best to give your employees security awareness training, both to locate their knowledge gaps and to keep them educated on the various security risks to your business. Security awareness training covers all areas of security threats such as data security breaches and phishing. Training needs to keep up with the technology employees are using and the risks they face.
Along with security awareness training, phishing simulations are a great way to spot employee weaknesses straight away. Phishing itself is a problem businesses and consumers deal with on a daily basis. Phishing comes in many forms. Some are very sophisticated and even undetectable. A phishing simulation allows you to phish your own employees. It gives you the data you need and allows you to see which employees fell victim to the simulated phishing attack. Simulations also allow you to spot trends and track whether your employees are making any progress.
These days most people have a lot of online accounts, but only have 1-3 passwords for them. It’s simply not safe to use the same password for different accounts, although keeping track of multiple passwords can be a nightmare. Passwords are paramount to protecting yourself online. Password security, though often overlooked, plays an extremely important role when it comes to protecting your identity on the internet. After all, it keeps unauthorised users from breaking into any of your online accounts and potentially stealing your personal information.
Instead of focusing on a single type of risk, prepare your employees for the range of security threats they could potentially face at any minute.