Data security can no longer be relegated to your enterprise’s IT department and forgotten. The stakes are too high. If you don’t agree, think Verizon Enterprise Solutions or Premier Healthcare, Snapchat or LinkedIn, and even Wendy’s—who are just a few of the breaches that have occurred in this calendar year. Fortune also created a report of the famous—or infamous—data breaches that surfaced earlier at Wal-Mart, Home Depot, Target, Neiman Marcus, and even Apple.
With enterprises being more vulnerable than ever, corporations must build a strong data security force including top executives and a vigilent IT team. Taking into account regulatory changes, global competition for customers, currency fluctuations, and other threats to the bottom line, every senior executive needs to keep an active eye on their company’s reputation and trustworthiness—factors that directly affect their ability to attract and keep customers. Obvious factors that impact an enterprise’s reputation and trustworthiness include products and services. Less obvious—but perhaps most important because of how often it is overlooked—is data security.
Important Lessons from Data Breaches in the News
Preventing data breaches makes great financial sense and prevents your enterprise from becoming another data breach statistic in the news.
The cost of a data breach to businesses
The Ponemon Institute’s most recent analysis of the cost of data breaches determined that “the average total cost of a data breach for the 383 companies participating in this research increased from $3.79 to $4 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158….”
The study’s key findings:
- The average cost per breach for each record with confidential information in the healthcare industry now totals $355.
- In retail the average per-breach cost is $172.
- In the transportation industry, it is $129.
The real vulnerabilities your enterprise faces:
- The study includes the costs of lost business, unrecoverable opportunities, and recovered opportunities that take extended periods of time to benefit from. According to Ponemon Institute’s study, higher churn rates were associated with a significant hike in the average cost of the data breach: “Companies that experienced less than a 1 percent loss of existing customers had an average data breach cost of $2.7 million or if the loss of existing customers exceeded 4 percent the cost averaged $5.5 million.”
- Although most data breaches were caused by outside hackers,study found that on average, an enterprise’s own system glitches cost $138 per record, and human error or negligence came at a cost of $133 per record in 2016. Multiply this by your vulnerable records and your potential cost of an internally-caused breach may soar to between $100,000 and $200,00.
- Just how vulnerable is your information? The Ponemon report cites that in just a two-year time frame, there is a 26 percent chance that a material data breach involving at least 10,000 lost or stolen records will occur.
5 key steps to secure your data
The Ponemon report identifies the following steps which if taken, reduces the likelihood of a data breach:
- Bring a Chief Information Security Officer on board and save $7 per confidential record.
- Employ an Incident Response Team to reduce the cost of a data breach by $16 per record.
- “Extensive” use of encryption will lower that cost by $13 per record.
- Participate in “threat sharing” and save $9.00 per record.
- Employee training also saves $9.00 per record.
Partnering with a Security as a Service (SECaaS) provider is also a great way to bring in the experts without adding to the overhead.
What is data encryption and when does it need to be used?
Data encryption is simply a process that converts plain, readable digital text into compressed code known as ciphertext which only becomes readable when accessed using a secure password or encryption keys and digital certificates.
According to TechTarget, encrypted code has three components that offer its security:
- Authentication: the origin of a message can be verified.
- Integrity: proof that the contents of a message have not been changed since it was sent.
- Non-repudiation: the sender of a message cannot deny sending the message.
Companies generally have three types of encryptable data: data in motion, data in use, and data at rest.
- Data in motion—such as e-faxes or email—refers to data being transmitted from point to point over a network.
- Data in use refers to just that: digital information that someone is working on, whether that be creating it, deleting it, or modifying it.
- Data at rest refers to all the digital information just sitting on hard drives or servers, or in laptops, tablets, or mobile phones.
Knowing which data to encrypt and when, are part of the strategic decisions that will decide your enterprise’s risk and vulnerability levels. This decision is often made at top level in collaboration with the affected stakeholders.
- Take into consideration regulatory compliance issues for your industry when designing an encryption strategy.
- Include security measures towards mobile access to secured data.
Tie National, LLC offers end-to-end technology solutions specifically designed to meet the needs of your enterprise. Please contact us for more information.