Cyber-attacks can have a devastating impact on businesses, costing them money and their reputation. With consumers becoming increasingly concerned with how organizations are handling their personal information due to a rise in highly publicized data breaches in recent years (such as the Facebook and Cambridge Analytica scandal), your business falling victim to a breach is a quick way to lose customers’ trust, which is something that can be very hard to get back. Just ask Facebook; following reports of their scandal (which came to light in 2018), they lost $35 billion in market value. In a recent poll, it was also discovered that 60% of Americans no longer trust the social media giant with their information.
Data breaches are becoming more common, and sadly, they’re costing businesses more and more. As the 2018 Cost of a Data Breach Study: Global Overview shows, the global average cost of a data breach currently stands at $3.86 million, up 6.4% from the previous year. The study, which was conducted by IBM Security and Ponemon Institute, also concluded that:
This is largely due to the fact that the majority of companies have now digitalized their records. Though this brings many benefits (such as making it easier for staff to work remotely), digitalizing records also makes them vulnerable to hacks, phishing calls and emails, ransomware, and other cyber-attacks.
Larger organizations are also connecting more of their infrastructure, so that it’s quicker and easier to access the information they need. However, this also means that hackers have access to more of your vital data (including personal data on your customers) in one place.
Though news of a data breach is likely to make customers lose trust in your business (as many people have with Facebook), fines for such incidents are also getting more expensive. Under the UK and EU’s new Data Protection Regulations (GDPR), organizations could be fined up to €20 million or 4% of their annual turnover. This can impact any companies that deal with customers from this part of the world.
The state of California is also due to take a tougher stance on data breaches through the enforcement of the California Consumer Privacy Act of 2018 (CCPA), which will begin in 2020. Again, this will impact businesses that deal with customers in this area, even if the business isn’t based in California. The new CCPA will give consumers more control over their personal data, causing it to be compared to GDPR.
Though a data breach will cost your business less the quicker it’s dealt with, the best solution is to stop breaches from happening in the first place. Here are some of the biggest data breach risks and some things you can do to prevent them:
Although remote working is highly beneficial to businesses as they are able to have employees located all over the world, this does bring security risks. Staff can leave devices such as their work laptops and cell phones unattended and connect to unsecured Wi-Fi. Reduce this risk by not allowing employees to use devices that hold sensitive information in public places. Work devices should also be secured with strong passwords that aren’t easy to guess; this means no pets’ names or dates of birth!
This is when companies try to illegally obtain sensitive information such as usernames, passwords and debit and credit card details by pretending to be another company. Educate everyone in your company on the risks and implications of providing sensitive information over the phone or by email, give them tips on how to identify phishing emails, and ensure that any phishing emails your employees receive are reported to your company.
Ransomware is a type of malicious software that threatens the owner of the device unless they pay a ransom. It is often mistakenly installed on devices due to the fact that it disguises itself as a harmless piece of software, such as another trusted programme. Protect against this by blocking your staff from downloading programs on work computers and ensuring that all of your company’s devices have anti-virus protection installed as standard.
If your company does find itself the victim of a cyber-attack, you should take the following steps to minimise the damage as much as possible:
Most organizations won’t be able to afford $150 million if they’re hit by a data breach, and this is a cost that’s only going to increase over the years as cyber-attacks (such as phishing and ransomware) get more convincing. Fortunately, by taking the above steps, you can prevent this risk and maintain the trust and safety of your customers.