How to avoid a data breach

Data breaches cost the organizations affected by them $4.88 million on average. This article explains how to reduce exposure to this risk.

A data breach is a security incident that occurs when an unauthorized person or organization steals, manipulates, exposes or gains access to information belonging to other people or organizations. According to the latest IBM report (1), data breaches cost the organizations affected by them $4.88 million on average. These costs derive from direct impacts on the business (operational downtime, the loss of customer information, etc.) and from the management of the incident (the investigation and correction of security deficiencies, the provision of customer service personnel, the payment of fines, etc.). To these costs we must add others, often more difficult to quantify, derived from reputational damage.

The origin of these data breaches can be found in:

  • The loss or theft of physical devices and documents: including those that have been discarded without being properly destroyed.

  • Targeted attacks: whether by exploiting technical vulnerabilities, deceiving employees or collaborating with disgruntled workers.

  • Human errors: arising from storing or sharing data unintentionally or through insecure channels.

Being aware of how data breaches occur allows us to identify those good practices that will help us minimize our exposure to these types of security risks.

How to avoid data breaches?

Train your employees: not only in corporate policies for the management and protection of information or in data breach management policies, but also so that they are able to detect, avoid and report any attempted attack or suspicious activity.

Protect all devices: as we have seen, the theft or loss of devices is one of the most common causes of data breaches. Therefore, it is essential to ensure that no unauthorized person can access the information they contain. This can be done through device encryption and locking systems, strong password policies, two-factor authentication, remote wiping, etc.

Limit access to confidential and sensitive information: as a general rule, each employee should have access only to the information that is essential to perform their job. In the case of confidential or sensitive information, access should be even more restrictive, limited to those people who can be trusted and who really need it.

Destroy information securely before discarding it: when it is time to throw away printed documents or when devices become obsolete and need to be replaced with new ones, we must ensure that the information they contain becomes inaccessible. When it comes to paper documents, an office shredder will be essential. For the information contained on electronic devices, simply deleting the files or formatting the device is not enough. It is necessary to use specific deletion software to ensure that deleted documents are not recoverable.

Assess third-party risk: external companies that provide products or services to us frequently have some access to our company’s systems, which poses a risk given that these companies do not necessarily have the same security and information protection standards as we do. Therefore, it is essential to evaluate their level of security and compliance with regulatory standards in order to make the decisions and implement the measures required to minimize the risk of suffering a data breach through them.

Form a team specialized in cybersecurity: this team will be in charge of constantly monitoring the systems and networks, keeping the equipment updated, ensuring the correct encryption of the information, developing and implementing incident response plans, etc. If it is not possible to have your own team, this service can be outsourced to companies specialized in cybersecurity.

 

As mentioned above, data breaches are not only among the most common security incidents suffered by companies, but also among the costliest. However, by implementing the measures described above, we can substantially reduce our exposure to this risk.


(1) Cost of a Data Breach Report 2024 by IBM