Data breaches. We hear about these so often, most of us think of them as commonplace. Recently a large email breach was announced at Yahoo, and hardly any subscribers thought twice about what they needed to do before changing their passwords and assuming their account was now safe. Yet many still receive notices of attempted account logins from foreign countries or even different continents.
Data security incidents affect all industries and companies of all sizes. Accepting that breaches are inevitable, doesn’t mean it’s not worth trying to stop them, and being aware of the most common causes of breached data is key to protecting your data. Every company should be constantly focused on preventing, detecting, and having the right capabilities in place to respond to data security incidents.
Most think of attacks on a company’s data as an external event, but that’s not always the case. In 2015, The US Department of Personnel Management, the IRS, and Morgan Stanley were among the victims of high-profile breaches that were reported – and all three breaches were the result of internal actions.
The top 6 causes of breaches in 2015, which were:
- Phishing, hacking or malware: Research has shown that more than 50% of these breaches were caused by human error.
- Employee action or mistake (e.g., device loss, sending data to the wrong email, etc.)
- External theft
- Vendor
- Internal theft (device or data)
- Lost or improper disposal of data
[responsive][/responsive]
With recent legislation, companies that experience a breach can now be held accountable for the stolen data of their employees and vendors in addition to their clients’ data. The total average cost to organizations for lost records in 2015 was $7.01 million, and with an average cost per lost record of $221, even small companies cannot afford to overlook any of the ways their data can be breached. And these numbers do not yet include what could be coming next: Litigation for stolen data that resulted in identity thefts.
Every company must take steps to secure their data throughout the life-cycle of the IT Assets in use. One of the most overlooked opportunities for a breach occurs during the IT Asset Disposition (ITAD) process, the 6th most common cause of a data breach. ITAD is not a new concern, but less experienced or poorly trained providers can create more opportunities for a breach than they prevent. Our teams have been in facilities where unsecured assets are readily accessible, and a breach could occur in a relatively undetectable fashion.
[responsive][/responsive]
And we’re just starting to see the importance of a well-maintained inventory, IT governance, and proper ITAD. The Internet of Things (IoT) is going to create many additional electronic assets that will contain and store data. Our best advice to every company: If you don’t have the bandwidth internally to properly maintain and track all of your IT assets, make sure you hire a competent ITAD provider and get a certificate of secure destruction!
CLR provides secure IT Asset Disposition services, Inventory Management Solutions, and Security Audit Services to determine the greatest risks to your company’s data.