Preventing Data Breaches In Your Business

Businesses today collect and store massive amounts of data about customers, employees, and competitors. This data usually stays within the confines of the company’s local network, but there are cases where it ends up in the wrong hands.

Data breaches can happen to any business, whether it’s an enterprise or a small business. The key to avoiding one is to ensure need to have a proper process for managing sensitive information.

What is a data breach?

A data breach is an incident that leads to the unauthorized release of private information such as intellectual property, personal health information (PHI), trade secrets, and personally identifiable information (PII).

Offenders commonly use data breaches to get credit card numbers, social security numbers, and healthcare histories, as well as company information, such as software source code, customer lists, and manufacturing processes.

A 2017 study by Security Metrics found that the average organization was vulnerable to security breaches for 1,549 days. What’s even more surprising is that 97% of businesses had firewalls in place at the time of compromise, and at least 15% of firewalls did not meet PCI requirements.

The longer it takes to find a breach, the higher the cost will be. Research from IBM shows that the average price of a data breach in 2016 was about $4 million. However, this cost went down to $3.62 in 2017 because the average time to detect a data breach decreased to 66 days from 70 days.

Recent data breaches

In the past ten years, there have been more than 300 data breaches involving both large and small companies.

Below are some the most notable breaches of 2017:

Yahoo

In 2013, Yahoo had a data breach that led to three billion compromised accounts. Everyone with a Yahoo account at the time was affected, but the company didn’t disclose the hack until 2017.

The breach exposed usernames, email addresses, hashed passwords, birthdays, phone numbers, as well as security questions and answers. Yahoo later confirmed that hackers were not able to get credit card information associated with each account, nor were they able to steal passwords.

Nissan

Nissan Canada is another company got hit with a data breach in 2017. Their breach mainly targeted customers that financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada and affected 1.13 million customers.

Nissan Canada found out about the data breach on December 11 but didn’t tell customers until December 21. “We immediately began taking steps to make sure the breach happened, everyone is now being contacted,” a spokesperson at Nissan Canada said.

Equifax

The Equifax data breach of 2017 was perhaps one the most publicized breaches of the year. It affected 143 million consumers and lasted from mid-May through July.

Hackers got access to people’s names, social security numbers, birth dates, addresses and, in some cases, driver’s license numbers. They also managed to steal 209,000 credit card numbers and the personal information of 182,000 people living in the United States, the UK, and Canada.

How to prevent data breaches

Below are three things we recommend you do to prevent your company from falling victim to a data breach.

Train your employees

Create procedures and policies describing how employees should manage private data and then train your employees on the rules. You should also encourage them to follow basic best practices such as logging off their computers, encrypting shared folders, and locking their offices at the end of the day.

Protect your data

Always use a safe location or device to store records of private information. Restrict this information to only employees who must have access and never allow third-party vendors or temporary employees to access private information about your customers.

Destroy unused hardware

Destroy any devices that contain private information including CDs, DVDs, and hard drives. Simply deleting your files or reformatting your hard drives will not erase all data. The best way to completely wipe everything is to use specialized software or hire a professional.

At Securis, we have a team of experts who can help you safely dispose of private customer information from your hard drives using best practices and procedures. Contact us today to learn more about our services.

 

Is It Better to Repair or Replace Devices?

If you take a look at the most popular devices today, you’ll notice that most, if not all, of them, are very hard to repair. Unrepairable devices not only make parts harvesting and end-of-life recycling more difficult, but they also cause significant environmental waste.

These devices typically have components soldered right into the hardware, which means that users have to replace their device every time there’s a malfunction. Repairable devices, on the other hand, contain components that users can quickly repair without having to replace their whole device.

How Repairable Are Today’s Devices?

A recent study conducted by Greenpeace and iFixit between 2015 and 2017 found that the industry practice of soldering components together, coupled with design complexity has made modern devices increasingly harder to repair.

“Of all the models assessed, we found a few best-in-class products, which demonstrate that designing for repairability is possible. On the other hand, some products from Apple, Samsung, and Microsoft are increasingly being designed in ways that make it difficult for users to fix, which shortens the lifespan of these devices and adds to growing stockpiles of e-waste,” said Gary Cook, IT Sector Analyst at Greenpeace USA.

Out of all the 40 devices assessed in the study, more than 70% had batteries that were impossible or difficult to replace because of the use of adhesives and design choices. For example, both Apple’s MacBook Pro Retina laptop and Samsung’s Galaxy S8 smartphone have batteries fixed to their device panels and in most cases, the only way to repair these components is to get the devices replaced altogether.

“Electronics take a massive amount of energy, human effort, and natural resources to make,” said, Kyle Wiens, CEO of iFixit. “And yet, manufacturers produce billions more of them every year -while consumers keep them for just a few years before tossing them away. E-waste is one of the fastest-growing waste streams in the world. We should be able to make electronics a more sustainable part of our lives.”

How To Make Your Devices More Repairable

Making your devices more repairable doesn’t mean that you have to reinvent your products. The most important thing you should focus on is developing ways to make the process of repairing devices easier and affordable for your end users.

You can accomplish this by making components with high failure rates available to customers for at least seven years after the manufacture date of your product. Examples of high failure rate devices include batteries and displays.

You should also include detailed repair guides in your device packaging to help customers understand what steps they can take to repair different components in their devices, and which specialized tools they may need during the process.

Recycling Devices

Implementing hardware recycling best practices in your organization will help reduce your environmental footprint, and save money in the long run. The best way to recycle old device components is to hire a professional recycling company that specializes in the disposal of electronic waste.

When looking for a recycling company, it’s essential to only work with companies that have either R2 Solutions or e-Stewards certifications. These certifications will ensure that your customer’s data remains protected during the hardware recycling process and that your devices don’t cause any harm to the environment as they get disposed of.

Next Steps

If you would like to learn more about how to properly dispose of your electronic devices, please contact us at any time. We have certifications from R2 solutions, GSA, and the Defense Logistics Agency, and we are happy to discuss ways to keep your information safe, both while you’re repairing devices, and after you’re done with them.