How Your Business’ Data Could Be Vulnerable: 3 Scenarios
Major data breaches are on the rise. Last summer, a Russian crime ring stole 1.2 billion username and password combinations and half a billion email addresses from various organizations around the world. According to a 2014 study by the Ponemon Institute, 36% of Canadian companies surveyed experienced a substantial attack that infiltrated networks or enterprise systems over the past year. Globally, that number was 44%. The size of a business doesn’t matter – even the biggest companies and entities can be hacked.
It’s critical to keep data sufficiently protected because the cost of a data breach can be astronomical. The global average cost of a security breach per record is just over $130, and the total average cost per data breach is about $5.4 million. These costs range from patching up the systems where the breach occurred to possible restitution for those affected. Equally impactful are the intangible costs – reputation and customer trust. A customer entrusts their information to you, and there’s an obligation to live up to that trust.
It isn’t just the data itself that needs to be protected. A hacker can also leverage access to bits of seemingly innocuous information, piecing them together or using them to penetrate further into your system. Would you believe that human error and system problems actually account for two-thirds of all data breaches? In some cases, it can be as simple as a hacker using a single entry point – like a third-party vendor – to gain access to a company’s entire system.
To paint a clear picture, here are three scenarios that illustrate how access to unprotected data could cause a ripple effect, and become a window into more pressing breaches.
Access to a seemingly inconsequential customer name list. You keep a list of customer names in a database online. There’s no credit card information or even home addresses. Just names. Hackers find a way to gain access and grab those names, call your business posing as those people (your loyal customers), and trick you into divulging more information about them. This information, along with anything else they are able to find out about the individuals online, helps them connect the dots and build profiles – leading to identity theft. Your company could be liable for such a breach if customers can prove negligence or sue for compensation related to damages. And either way, you’ll be liable in the public eye.
A local computer is left unprotected. Company information is stored on a secure server or in the cloud, protected through a data protection service that encrypts files before they’re stored, or has always-on, cloud-based security. You figure that’s enough, and don’t protect individual computers that don’t access sensitive information. A sneaky hacker uses one of these supposedly harmless computers to gain access to your internal office files. Once he or she is in, this back door into the system makes it easier for him or her to penetrate even further into your company’s files.
Mobile workers connect outside of the office. You have some level of data protection in the office, but haven’t addressed the need to protect devices that are used outside of the office. A mobile sales team or field worker logs into the office from a tablet or smartphone connected to an open public Wi-Fi network. A hacker easily gains access, and he’s now found a hole into your seemingly secure company data that he can exploit.
The bottom line
Today’s hackers are more sophisticated than ever, and the ways in which they can penetrate your online systems are vast. No matter the nature of your business, any data breach is a breach, and a violation of your company’s – and your customers’ – private information.
The good news is that it’s easy to get protected and keep the hackers at bay. Security services can include always-on, cloud-based network protection; anti-malware, anti-spyware, and e-mail security; critical file backups; and loss recovery (should you need to wipe a computer, for example, due to an attack). Data protection can be achieved in a number of ways, from protecting the computer that stores the data to encrypting the data and storing it remotely.
What measures have you taken to protect your business’ data? Tell us in the comments below.