The most common types of data breach that companies face are:
- Stolen or hacked data (from inside or outside sources)
- Administrative errors (human operator mistakes)
- Accidental online exposure (insufficient protection or application vulnerabilities)
- Visual hacking (workers accessing data from their mobile or personal devices)
- Data loss (malware, espionage)
The number of data breaches keeps growing and nothing suggests that the trend is going to reverse. Organizations cannot claim that they have not been warned, or that they are unaware of the extent of the problem. So are they ill-prepared? Certainly. Do they want to face the problem? Definitely. But for many, the fear of unchecked costs and time-consuming efforts seems stronger than the wiser decision to take action here and now…
Data protection enforcement is a task that many countries take very seriously. Canada and Europe lead the way with strong privacy regulations; the United States and Australia have been just a tad more moderate so far (enforcement in both countries being complicated by the fact that they are divided into states, each with its own legislation), while Russia and South Africa have yet to climb aboard the security wagon. The EU is currently working on an upcoming general regulation that will have to be applied by all parties operating on European territory: the General Data Protection Regulation, which will mean new rights and obligations for organizations worldwide.
How can you avoid most data breaches?
It is impossible to guarantee that any data-breach prevention solution is 100% secure: there are too many possible entry points into a system, too many people involved with the applications, and ill-intentioned attackers getting sneakier every day…
Protecting data requires steps similar to protecting your home. Even if you cannot entirely prevent your home from being robbed (even with the sturdiest doors and the best alarm system, when someone really wants to get inside, they will get the job done), does that mean you will leave your door unlocked? Of course not. Wisdom makes you lock that door every time you go out, and the same reasoning should lead you to treat your data with the same seriousness.
So what can you do?
- Foster data ownership*: someone must be responsible for data inside an organization and must control access to it (a Chief Data Officer or Information Security Officer). This centralized access control will markedly diminish the risk of a data breach from the inside and also anticipate most illegal attempts coming from the outside.
- Calculate the risks: management teams must feel the need to participate in the security program. It will benefit every department, since it will make them more aware of costs and efficiency.
- Protect your data: decision, action, response. Think about your needs and obligations, choose the best solution available according to those needs, and react quickly when a breach actually happens.
- Stay vigilant: proactive monitoring of access to your data, constant watch, and sustained awareness at all levels of the organization.
*Between 60 and 80% of breaches come from the inside, when a copy of the database is made for testing or training purposes. A surprising number! This lack of security during an otherwise quite common occurrence should not be taken lightly. An anonymization tool is a necessity which, coupled with a database copying function, will prevent such risks.
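One way to put the anonymized test copy described above into practice, as an added example that is not part of the original article or of any product it describes: the customer and order tables, the column names and the key are all constructed for the example. Identifiers are replaced with keyed, deterministic tokens (HMAC-SHA256) so that the foreign key between the two tables still joins in the copy, free-text fields are replaced rather than hashed, the birthdate is generalized to a year, and a leak check runs before the copy is handed over.

```python
import hashlib
import hmac
import json

# Constructed sample "production" data (invented values, not from any real system).
CUSTOMERS = [
    {"id": 1, "name": "Alice Martin", "email": "alice@example.com",
     "birthdate": "1985-03-12", "city": "Lyon"},
    {"id": 2, "name": "Bob Dupont", "email": "bob@example.com",
     "birthdate": "1990-11-02", "city": "Paris"},
]
ORDERS = [  # references CUSTOMERS by e-mail address
    {"order_id": 100, "customer_email": "alice@example.com", "amount": 42.50},
    {"order_id": 101, "customer_email": "alice@example.com", "amount": 12.00},
    {"order_id": 102, "customer_email": "bob@example.com", "amount": 99.99},
]


def pseudonym(value: str, secret: bytes, domain: str) -> str:
    """Keyed, deterministic replacement: HMAC-SHA256 truncated to 16 hex chars.
    Same input + same key -> same token, so joins keep working in the copy.
    The key stays on the production side and is never shipped with the copy,
    so the token cannot be reversed or recomputed by whoever receives it.
    The domain tag keeps tokens for different column types from colliding."""
    mac = hmac.new(secret, f"{domain}:{value}".encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def anonymize_customers(rows, secret):
    """Return a test-safe version of the customers table."""
    out = []
    for r in rows:
        token = pseudonym(r["email"], secret, "email")
        out.append({
            "id": r["id"],
            "name": f"Customer {token[:6]}",      # replace free text, do not hash it
            "email": f"{token}@test.invalid",     # reserved TLD: nothing can be mailed
            "birth_year": r["birthdate"][:4],     # generalize: keep the year only
            "city": r["city"],                    # low-risk attribute kept as-is
        })
    return out


def anonymize_orders(rows, secret):
    """Foreign key gets the same token as the customers table, so
    referential integrity is preserved in the copy."""
    return [
        {**r, "customer_email": f'{pseudonym(r["customer_email"], secret, "email")}@test.invalid'}
        for r in rows
    ]


def contains_original_pii(rows, originals) -> bool:
    """Leak check to run before the copy leaves the production boundary:
    does any original name, e-mail or full birthdate survive in the output?"""
    blob = json.dumps(rows)
    return any(
        o["email"] in blob or o["name"] in blob or o["birthdate"] in blob
        for o in originals
    )


def build_test_copy(secret: bytes):
    """Produce the anonymized tables and refuse to return them if PII leaked."""
    customers = anonymize_customers(CUSTOMERS, secret)
    orders = anonymize_orders(ORDERS, secret)
    if contains_original_pii(customers + orders, CUSTOMERS):
        raise RuntimeError("anonymization incomplete, refusing to export copy")
    return customers, orders


if __name__ == "__main__":
    # Example key only; in practice this comes from the production secret store.
    cust, ords = build_test_copy(b"example-key-not-for-production")
    print(json.dumps({"customers": cust, "orders": ords}, indent=2))
```

The design choice worth noting is the split between tokenization (for columns that must still join across tables) and outright replacement or generalization (for columns that only need to look plausible to testers). Hashing a name or birthdate alone is not anonymization, since the input space is small enough to enumerate; that is why those columns are rewritten rather than tokenized.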