It seems that not a day goes by without another massive data breach incident providing fodder for the morning headlines or the evening news. That should come as no surprise. According to key studies, the average company experienced more than 91 million security events in 2013, and 33 percent of Fortune 100 organizations will experience an information crisis by 2017, due to their inability to effectively value, govern, and trust their enterprise information. Lawmakers, regulators, insurers, and plaintiffs’ lawyers have all taken keen notice, adding heightened duties, expectations, risks, and exposure for companies regarding data privacy and security. These headaches are in addition to the harm to an organization’s reputation and customer base that often follows a cybercrime or significant data breach. Thus, it is no wonder that data security and privacy are fast becoming a major concern for companies of all types and sizes.
Mitigating the likelihood of your organization falling victim to a cybercrime or data breach involves more than just a robust firewall aimed at foiling hackers and cybercrooks sitting in far-away places. Security incidents can stem from everything from weak passwords to lost or stolen laptops, and from employee theft to failure to recognize a “spear phishing” attack. Accordingly, it is important to have in place key company policies and practices regarding information security, BYOD use, wireless access, encryption, patch management, data access by outside vendors, and incident notification, just to name a few. Of course, these policies must also be properly understood and followed in order to be effective, because roughly half of all data breaches are due to employee failure to comply with their company’s own security policy. And since security incidents can occur despite best efforts, having a proven incident response plan in place with input and involvement by key members of the organization is indispensable to mitigating the fallout from a data breach. Finally, because it is important to know what you have, and then have less to lose in the event of a security incident, practicing good information hygiene in the workplace can also lessen the likelihood and adverse consequences of a data breach.
A data security or privacy breach can happen to any company. The time to know what can be done to better protect your company, to notify and train your employees, and to pragmatically deal with a data breach in the workplace is now.