Data breaches are increasing, and customers are abandoning companies that let it happen!
If one insurer’s experience is representative, data breaches (the loss of proprietary company data) have increased by 30% over the last 5 years. Specialty carrier Beazley Group announced the results of its internal study at the annual International Association of Privacy Professionals’ privacy symposium this month with a warning to business owners that customers are getting fed up with poor custodianship of their sensitive data. Beazley’s recommendations for securing your company’s data should be considered by any business that captures and stores valuable customer data.
Criminals are More Sophisticated
While most data breaches are still the result of innocent mistakes by company employees, criminals have become more sophisticated in their attacks as well. Unintended disclosures, such as those resulting from a misdirected email or fax, account for 31% of the data breaches Beazley has investigated. Another 24% occur when paper documents are lost – a problem that plagues healthcare organizations more than other industries. Criminal data breaches – those inflicted by malware and hacking attacks – only account for 12% of Beazley’s cases; however, that represents a 20% increase just in the last year.
More importantly, identifying the extent of those criminal attacks and implementing security solutions is almost 4.5 times more costly than remedying unintended data loss. Also, criminals don’t stop stealing data until forced to do so, whereas the unintended losses due to employee negligence are typically isolated incidents. Data breaches are a problem that will only get worse if measures are not taken quickly to stop them.
Millions of People Affected
Of just those data breaches serviced by Beazley, more than 14 million people were victimized. Who knows how many other people are at risk of financial loss from data breaches beyond Beazley’s purview? What we do know is, they’re not happy.
A separate academic study by EUI Global found that 18% of its respondents had been victimized by a data breach, and of those victims, more than 1 in 3 stated that they would no longer patronize the company that had lost their data. Even worse, those disgruntled customers are warning their friends and family away from the companies – 46% of the unhappy respondents admitted as much.
How Can You Avoid Being a Victim?
Because the majority of the data breaches it tracked were inadvertent, and others were easily preventable, Beazley’s announcement included five tips on how to avoid becoming a data breach victim. We believe you should consider how your company can implement these strategies:
1. Device encryption
The great majority of data losses due to a lost portable device, such as a laptop, tablet, or storage device, would have been prevented if the data on those devices had been encrypted. Encryption is easy, fast, and inexpensive. It also qualifies as a safe harbor measure under most breach notification laws so that you do not have to notify customers that you’ve misplaced their information.
2. Automated patch management
Because security companies have become very fast to identify product vulnerabilities and issue software updates, most malware attacks take advantage of outdated computer systems. If your IT department manages system updates and patch installations manually, it’s time to automate that process. Automated patch management solutions maintain your systems’ security faster and more consistently than your staff can.
3. Implement a more secure password strategy
The days when computer hackers were usually pimply-faced high school nerds working from home are over. Today, well-financed and sophisticated criminal networks are attacking businesses with as much technology and computing power as the largest companies. The weakest links in your security chain are the user passwords of your employees. Hackers have developed programs that can cycle through all permutations of potential passwords – those derived from real words or names – within hours. By increasing the complexity of your passwords, such as requiring both numbers and letters or symbols, and upper and lower case characters, you render those programs useless.
4. Catch a Phish
The hardest data breaches to prevent are those caused by employee errors, especially when the employee is only trying to do the right thing. Criminals prey on your employees’ good intentions with phishing attacks that, essentially, ask your staff or contractors to reveal their passwords. Train your employees to recognize the signs that an email or text is not what it appears before they reply with revealing information that opens the door to your IT systems.
5. Check Before You Click
According to Beazley, 30% of their clients’ data breaches resulted from an inadvertent disclosure – the employee accidentally sends an email, fax, or letter to the wrong person. The solution is easy, yet hard – you have to train employees to double-check all communications for accuracy before they are sent.
For the record, Nahai Insurance has trained all of our staff in these strategies and more to ensure our clients’ data remains secure in our systems. Let us know if we can help your company, and be safe out there. For more information about protecting your business from the risks of data breaches, contact your Nahai Insurance agent.