Businesses today collect and store massive amounts of data about customers, employees, and competitors. This data usually stays within the confines of the company’s local network, but there are cases where it ends up in the wrong hands.
Data breaches can happen to any business, whether it’s an enterprise or a small business. The key to avoiding one is to ensure need to have a proper process for managing sensitive information.
What is a data breach?
A data breach is an incident that leads to the unauthorized release of private information such as intellectual property, personal health information (PHI), trade secrets, and personally identifiable information (PII).
Offenders commonly use data breaches to get credit card numbers, social security numbers, and healthcare histories, as well as company information, such as software source code, customer lists, and manufacturing processes.
A 2017 study by Security Metrics found that the average organization was vulnerable to security breaches for 1,549 days. What’s even more surprising is that 97% of businesses had firewalls in place at the time of compromise, and at least 15% of firewalls did not meet PCI requirements.
The longer it takes to find a breach, the higher the cost will be. Research from IBM shows that the average price of a data breach in 2016 was about $4 million. However, this cost went down to $3.62 in 2017 because the average time to detect a data breach decreased to 66 days from 70 days.
Recent data breaches
In the past ten years, there have been more than 300 data breaches involving both large and small companies.
Below are some the most notable breaches of 2017:
In 2013, Yahoo had a data breach that led to three billion compromised accounts. Everyone with a Yahoo account at the time was affected, but the company didn’t disclose the hack until 2017.
The breach exposed usernames, email addresses, hashed passwords, birthdays, phone numbers, as well as security questions and answers. Yahoo later confirmed that hackers were not able to get credit card information associated with each account, nor were they able to steal passwords.
Nissan Canada is another company got hit with a data breach in 2017. Their breach mainly targeted customers that financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada and affected 1.13 million customers.
Nissan Canada found out about the data breach on December 11 but didn’t tell customers until December 21. “We immediately began taking steps to make sure the breach happened, everyone is now being contacted,” a spokesperson at Nissan Canada said.
The Equifax data breach of 2017 was perhaps one the most publicized breaches of the year. It affected 143 million consumers and lasted from mid-May through July.
Hackers got access to people’s names, social security numbers, birth dates, addresses and, in some cases, driver’s license numbers. They also managed to steal 209,000 credit card numbers and the personal information of 182,000 people living in the United States, the UK, and Canada.
How to prevent data breaches
Below are three things we recommend you do to prevent your company from falling victim to a data breach.
Train your employees
Create procedures and policies describing how employees should manage private data and then train your employees on the rules. You should also encourage them to follow basic best practices such as logging off their computers, encrypting shared folders, and locking their offices at the end of the day.
Protect your data
Always use a safe location or device to store records of private information. Restrict this information to only employees who must have access and never allow third-party vendors or temporary employees to access private information about your customers.
Destroy unused hardware
Destroy any devices that contain private information including CDs, DVDs, and hard drives. Simply deleting your files or reformatting your hard drives will not erase all data. The best way to completely wipe everything is to use specialized software or hire a professional.
At Securis, we have a team of experts who can help you safely dispose of private customer information from your hard drives using best practices and procedures. Contact us today to learn more about our services.