Protecting Against Data Hacks and Security Breaches
The first step in protecting your organization against a cyber attack is to understand the risks. Knowing what you stand to lose will make it easier to solicit investment and meaningful participation from both upper management and ground-level staff. Learn more!
Six months into 2017, the year has already seen several high-profile security breaches make international news. Account details for more than 77 million users of the online education platform Edmodo leaked to the dark web in May. Malware installed at Chipotle restaurants in several U.S. states potentially compromised diners’ credit card data in March and April. Multiple universities and government agencies were victims of SQL injections mounted by a lone hacker in February. The list goes on and is sure to continue growing as the year progresses.
Focusing on prominent attacks such as these is good for generating headlines but doesn't fully illustrate the severity or scope of the problem. In fact, evidence suggests smaller organizations are the most vulnerable and have more to lose by not prioritizing cybersecurity. Research by Symantec found that attacks against small businesses represented a plurality of data breaches. Large organizations of 2,500 or more employees, which in 2011 accounted for 50% of all attacks, today account for only 35%.
Understanding the Risks
The first step in protecting your organization against a cyber attack is to understand the risks. Knowing what you stand to lose will make it easier to solicit investment and meaningful participation from both upper management and ground-level staff. While every organization is different, some of the most significant risks of a security breach include:
Financial loss: The majority of cyber attacks are committed with the intent of causing financial harm. While large organizations may be able to weather a one-time loss, research by the U.S. National Cyber Security Alliance found that 60% of small businesses go out of business within six months of an attack. What’s more, financial damage can take many forms. In addition to legal costs, there’s also the potential for fines and penalties, lost revenue and the need for after-the-fact IT upgrades to reduce the risk of future attacks.
Reputational damage: Consumers are increasingly educated about the dangers of doing business in the connected world. A survey by UK firm Semafone found that 86.55% of respondents were “not at all likely” or “not very likely” to work with a business that had previously compromised its customers' credit or debit card data. In addition to customers, a data hack can also erode confidence among investors, regulators and other stakeholders — potentially limiting future opportunities for your business.
Loss of business intelligence and IP: Business intelligence and intellectual property are critical assets and essential tools for growth. Compromise of either can set your organization back considerably. As well, a breach of your customers’ private information can put your organization at risk of further financial or reputational damage.
Five Ways to Prevent Data Hacks
Despite the clear incentives to do so, many organizations struggle to make informed choices when it comes to information security. Ultimately, a well-defined security posture will involve a combination of technological, cultural and procedural changes. Here are five tips for getting started.
Start With a Security Audit
A security audit is a comprehensive look at your IT infrastructure and its potential vulnerabilities. If possible, work with an outside firm that can bring an objective, unbiased perspective to these issues and help you develop a plan for moving forward.
Establish a team or individual on the ground who will be responsible for enacting corporate policies, overseeing IT security, and liaising between management and technical staff. Make it known to employees there is a single point of contact they can turn to for clarification of policies or answers to their questions.
Change the Culture First
Despite the increasing sophistication of hackers, a large percentage of security breaches are caused by user error. Training staff on issues such as password protection, data handling and phishing scams is one of the best ways to build a safer organization from the ground up.
Make Strategic Investments
Too many organizations think of cyber security as an issue they can throw money at and make go away. Reckless investment in new technology is often more of a risk than a benefit, as it creates a needlessly complex infrastructure that can be more difficult to establish transparency over. An investment in new systems or software should simplify your IT resources and make them more secure — research and due diligence are important priorities when making any purchase decision.
Implement an Information Security Management System
An information security management system is a set of scalable processes that establish and ensure the overall security posture of your organization. ISO 27001 standards provide a comprehensive framework that covers both technical and procedural information security best practices.
For more information about ISO 27001 certification or the general role quality management can play in data security, contact NQA to speak with a representative directly.