It’s a harsh reality: attackers of corporate IT change their tactics every day. The bad guys are one step ahead, becoming more clever all the time. We’re forced to catch up. Let’s examine ways you can proactively reduce your risk of a data breach.
A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.
In one recent example, people received speeding tickets sent from spoofed Police Department email addresses in Philadelphia, with the aim of getting malware downloaded.
These transactional opportunities are nearly limitless when you start to think like a hacker. Couple that with the sheer volume of people they can target, and rest assured they make a good living.
The risks companies face today are real:
- 75% of organizations were breached last year.
- The average cost paid for each lost or stolen record containing sensitive and confidential information increased 6 percent, jumping from $145 in 2014 to $154 in 2015, according to a Ponemon Institute research study. (You can read more at 2015 Cost of Data Breach Study: Global Analysis.)
- 82% of all data breaches are a result of employee misuse or error.
Security Audits and Other Steps to Reduce Risks
There are precautionary and measurable actions that can drastically reduce the risk of a successful hack on your domain.
- Educate Your Staff
Security training should be built into your annual IT initiatives so that employees know what’s trending in social engineering — and how to maintain a secure corporate account.
- “Own” Your Devices
Bring Your Own Device (BYOD) is commonplace in many industries. The cloud allows users to log in from any device. Less common, though, are policies and management platforms that can enforce device settings and remotely wipe data if a device is lost or stolen.
- Put Security in Place Now, Not After an Attack Has Happened
Please don’t wait for an attack to react. Planning for security may not have been a part of your budget planning, but it will be more costly after the damage has been done. Whether you do the work internally or work with a partner, security should be a focus.
You can also minimize your risk by undergoing a security audit for your domain, Google Apps for Work or other SaaS application. Onix can provide a comprehensive analysis of your system, optimization of your email architecture, change management services and security training for employees to ensure that you’ve addressed vulnerable areas.
The reality is, you will never be able to prevent all attacks. These masterminds are becoming more creative, with many vectors to infiltrate your business. If they can’t penetrate the point-of-sale systems in big box stores, they will target the store employee who doesn’t have 2-factor authentication enabled on his or her smartphone. The key for corporate IT is to manage and minimize the risks as much as possible.