How to Prevent Data Breaches and Mitigate Security Risks
Hi!👋 Welcome to Advanced Access, where we share expert advice and best practices for managing your records and sensitive information. From guidance in picking storage vendors to the latest trends in regulatory compliance, we have got you covered throughout the entire information management lifecycle.
These days, it seems that you can count on three things:
Death, taxes, and…data breaches.
Every day, there’s at least one headline in the news about hackers or the disingenuous among us stealing data from somewhere and/or someone that they weren’t supposed to.
Read on to learn how data breaches occur, explore various ways to mitigate security risks, and find suggestions for tackling this pervasive issue.
How Data Breaches Occur, and What Happens Next
A data breach, defined by Trend Micro Antivirus, is “an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.”
Verizon’s 2021 Data Breach Investigations Report (DBIR) noted that breaches are most often caused by either:
The result, especially if the organization is under the jurisdiction of GDPR or CCPA, can be a staggeringly high fine. Verizon’s DBIR further reports that 95% of incidents had their fines falling between $826 and $653,587.
Between GDPR, CCPA, and hundreds of pieces of local legislation, privacy law is ubiquitous, and enforcement of those laws is only going to increase over time.
Data Breaches in 2022
Are data breaches on the rise? Yes.
Eva Velasquez, President and CEO of the Identity Theft Resource Center (ITRC), noted “a shift with the increase in data breaches in 2021 compared to 2020, primarily because of the growing number of phishing attacks, ransomware attacks and supply chain attacks.”
To make matters worse, these breaches are getting more expensive. According to IBM's 2022 Cost of a Data Breach report, data breach costs have increased nearly 13% over the last two years. And with nearly 50% of breach costs incurred more than a year after the breach, the damages are long-lasting.
According to IBM, the global average cost of a data breach has reached an all-time high of $4.35 million.
The names of U.S. companies that have suffered from one or more data breaches in the last several years read like the top of the NASDAQ. Instagram, Samsung, Apple, and even the IRS have had massive data breaches and/or privacy violations within the last several weeks. Rob Sobers from cybersecurity organization Varonis notes, “it’s also apparent that companies are still not prepared enough for breaches even though they are becoming more commonplace.”
The truth is that many U.S. companies ignored decades’ worth of warnings before the GDPR was passed by the European Parliament, as well as the 2-year grace period before enforcement became serious.
This doesn’t mean that data breaches are inevitable, though. While they can never be 100% prevented, the security risks can be mitigated. Here’s how:
How to Mitigate Security Risks
Control Access
Today, managing both digital documents and paper records makes information governance a challenge.
Think both Physical and Digital
Phishing, spam emails, unexpected phone calls, people you don’t recognize showing up and saying they have an appointment - all of these fall under the wide umbrella of social engineering.
Social engineering is defined by the Oxford English Dictionary as “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes”. It remains a very popular method for “bad actors” to get access to information they’re not supposed to.
Going back to Verizon’s DBIR, they report “a jump in Social Engineering breaches as a pattern from last year with an overall upward trend since 2017.”
Psychology is a hard tool to overcome. This video demonstrates how we often think that what we see is what we get and, essentially, if you have a ladder, you can get in just about anywhere.
While the video plays social engineering for laughs, this makes our next point all the more important.
Educate and Involve Your Team on Security Risks
Data breach prevention isn’t something you can manage by yourself like some kind of one-person army — it takes vigilance from everyone in your organization to make sure that proprietary information is only accessed by the right people at the right time.
Everyone in your organization needs to be a part of the process and understand what a phishing email looks like, how to handle sensitive data, and more.
As we wrote in How to Build a Modern Records and Information Management Program, “Consultation is vital to engage the organization in the records plan development process. For any companywide initiative to succeed, all staff must have an opportunity to contribute to its development.”
Building an information management program to protect and govern data against breaches (that your employees will embrace) starts with three key steps:
Protecting Information Isn’t a One-time Job
That’s the end. You’re done, right? Unfortunately not.
Security and risk mitigation is an ongoing process. Once you’ve got everything written and recorded and the whole team bought in, it’s time to set up a regular audit of your processes.
If you feel your plan for preventing data breaches is not up to par or lagging behind, the most important step is simple: Start.
It may seem intimidating at first, but there’s an old adage that says, “The best time to plant a tree was 20 years ago. The second best time is now.”
So, if you haven’t already, go plant that tree.
Additional Resources
Dive into more tips on building a privacy compliance program that’s compliant now and scalable for tomorrow in our digital guide: Developing a Privacy Program That Works
Learn how to ensure your company is in compliance through automated information retention and destruction in our webinar, Simplifying Privacy and Retention Compliance with Microsoft 365 and Virgo.