Posted in: Information security, Latest News & Views
There are a lot of steps many organizations could be taking to prevent costly data breaches.
The bad news in a recent report from the Ponemon Institute: Data breaches are expensive, and everyone’s a target.
The survey involved 471 organizations that had suffered at least one data breach in the past two years. Those respondents were organizations in all major industries, and the study included companies of many different sizes.
And the impact of those incidents went far beyond just the IT costs of investigating and mitigating the attacks.
For example, 76% of the survey respondents said they have or are likely to lose customers or business partners because of a breach. In addition, 75% cite negative public opinion and media reports, while 66% said there were serious, direct financial consequences after their data breach.
But the good news: There are some simple many organizations could to prevent a number of those breaches.
Here are some of the steps many businesses aren’t taking, according to Ponemon:
1. Verifying mobile devices
As more organizations adopt BYOD programs, employees’ personal devices are starting to present a significant risk to company data. One step many experts recommend to reduce the risk is to write a BYOD policy listing what security features must be present in order for a device to be used, and then verify that those options are activated.
However, many companies aren’t doing that, according to the Ponemon survey. While 78% of the organizations surveyed allow personal devices at work, 61% said they don’t require those devices to be tested to make sure their security is up to par.
2. Restricting employees’ access to data
Many IT security incidents are caused by the company’s end users — either because malicious insiders intentionally steal data, or because they accidentally install malware, fall for phishing scams or otherwise let external attackers on to the network.
That’s why it’s important for IT to limit the access employees have to only the information and systems they need for their jobs. However, just 44% of the survey respondents said their organization is effective at doing so.
3. Investigating third parties
Especially as cloud computing becomes more common, companies are putting a lot of sensitive data in the hands of third-party providers. That can cause big problems if an organization’s data is stolen because of a breach at a third party.
Unfortunately, many organizations don’t do enough to make sure they only hand over information to businesses that will keep it secure. Just 54% of survey respondents said they thoroughly vet third parties before doing business with them.
Read on to learn more about companies’ most common IT security mistakes.
FinanceTechNews.com delivers the latest Finance news once a week to the inboxes of over 150,000 Finance professionals.