In the past few years, data breaches at multinational companies have brought public life to a standstill. More than that, it tarnishes the respective company’s reputation, loss of credibility, and the lost opportunity to gain reputation in the fledgling market. Even though systems eventually are back up, operations are restored, but revenue is lost due to stalled services.
Data breaches wreak havoc. For consumers, whose life now is increasingly dependent on their devices comes to a halt. In December 2018, O2 mobile users’ life came to a standstill. Uber drivers couldn’t go to work and Deliveroo courier couldn’t be delivered. The chaos lasted for more than 24 hours and then O2 claimed culprit was Ericson’s expired software.
Before this, on February 2018, Google Cloud Data Store, used by enterprises including Snapchat and Pokémon Go, showed troubles and applications were out, disrupting services across continents. In the last few years, Facebook, Huawei, Marriott among others have been dragged to court for data breaches. User’s personal data is a legally valuable asset and can’t be shared without permission. Data breaches violate that rule and customer’s legal rights.
1. Gemalto, a digital security firm, says, in the first half of 2018, 4.5 billion of records were exposed due to data breaches. This amount of data is enough to crack ways through bank accounts and take out money.
2. QlikView, a risk-based security research firm, reports more than 3,800 data breaches were reported and around 4.1 billion data records were exposed.
3. Most breaches happened at small and medium companies, Qlik View reports. Small and mediums companies usually ignore cybersecurity, making them more prone to cyber-attacks.
4. In 2019, a collection of 2.7 billion records consisting of 774 million unique email addresses and 21 million unique passwords was up for sale on the web. Clearly, somebody hacked into multiple databases, downloaded them, and put the database up for sale.
But who can really tell if these breaches were accidental or due to faulty equipment? Or made purposely? Shred-it, a data and security firm, says data breaches happen due to employee negligence.
Human negligence is a major cause of data breaches. In the aforementioned instances, there could be an employee who erroneously fed in the wrong code or didn’t follow a cyber-security protocol, which led to the disasters. So here who is to blame?
1. 47 % of business leaders believe that human error is the biggest pain point in data security. Cybersecurity measures work as far as encryption and providing protection against the machine and automated threats.
2. About 25 % of employees have the habit of keeping their computers unlocked or unsupervised. Employees take security callously and are unaware of the severity of their behavior.
3. Only 14 % of companies have actually implemented a basic cybersecurity guideline, according to the cyber-security company, Symantec.
Remote work, which is increasingly becoming common among organizations is precarious, as it provides unauthorized access over home wifi or public wifi. According to a survey, over half of employers allowing remote work does not have any standing policy for remote workers or vendors. What’s more astounding? A study revealed one in five business owners after their data breaches traced the fault back to the vendor.
So question here now arises is how can organizations protect themselves against data breach?
Going by the pointers above, the first thing should be to draft a data security policy guideline. However, simply drafting a guideline would not be enough.
1. Employees receive a laptop and other devices from the IT on the first day of their joining. With time, employees install applications on their own and taking through IT and BYOD seems like a pain. Even though, downloading applications without notifying IT is an integrity issue. To ensure that only responsible employees are hired, a thorough background check is required. However, people are hardly honestly in their reviews.
2. Create a checklist of laptops and personal devices given to employees which is the access point of all office data. Have regular audits of these devices and try and keep the audits a surprise. Doing this will keep data breaches at bay.
3. Some employees may be good with technology, while some might need training. Providing is important to educate employees. Further, encouraging employees to report any issues if they spot a data breach will help.
4. Know who’s who of data accessibility will keep a check on the security of data. However, this shouldn’t translate into responsible employees giving carelessly allowing access to other people. Such behavior shouldn’t be tolerated. Insincere employees have been accounted for the biggest cyber-security threats across organizations.
5. Certain organizations allow employees to access social media and office data from the same device. Even allows accessing email on-the-go. Keeping tabs on these will keep data breaches in check.
Keeping data breaches fully checked is definitely not completely controllable. However, organizations can do their best by investing in the above measures. Overall, organizations need to develop cybersecurity policies. Talking about policies. Is your employee exit and on-boarding policies in sync with data security protocol?