The price you pay for lax data security

By Torgny Gunnarsson | 28 July 2014

Whether it’s user data within large companies or highly sensitive company financial information, data breaches can be incredibly costly to a business. For financial organisations of all sizes, such sensitive information can mean the life or death of the business and the security of that data should be prioritised accordingly.

As increasing numbers of businesses look to explore technology platforms to make managing, sorting and sharing their key information faster and more effective, the issue of business data security has risen rapidly to prominence. Instances of large data breaches have become a regular fixture in the press. The focus is often on how it affects consumers and customers, with leaked personal information and passwords sold on to fraudsters for nefarious purposes. The specifics of how the data was accessed are rarely explored in much detail. This can leave businesses unsure how best to plan ahead and ensure that the same thing doesn’t happen to them.

Businesses are certainly becoming increasingly aware of the need to safeguard their sensitive data against a growing number of data breaches. According to the Online Trust Alliance, 740 million online records were exposed in 2013, making it the worst year for data breaches recorded. It would appear that, as businesses store increasing quantities of data on their customers, the incentives for the unscrupulous to get hold of that data have increased. The quantity of data that can be swiped in an instant is staggering. When Adobe was hacked last year, they lost the user information of 33 million customers. Such malicious attempts to grab data can have severe consequences for the bottom line too. After hackers gained access to the credit and debit card details of 40 million Target users, company earnings fell 16 per cent and their CEO resigned.

For businesses in the financial sector – where the stakes are very high – a 360° awareness of the security of all levels of data is paramount. If in doubt, a zero-base approach is a must. Although it may sound obvious, it’s all too apparent that many companies only fully analyse company data security when it’s too late, post-breach. It is only at these points that institutions look at how many employees within the company have insecure work habits, such as emailing themselves files to personal email/cloud storage accounts to work on later. If you’re reading this and aren’t sure whether your company has a policy on storing work via common personal storage tools such as Dropbox or Google Drive – go and find out! They may well thank you for the enquiry later.

Research by the Ponemon Institute sheds new light on the costs incurred following data loss incidents. A recent analysis of 314 companies across 16 industry sectors shows that the average total cost of a data breach comes in at just over £2m. These costs include both the direct expense of digital forensic experts – providing hotline support, and offering discounts on future products and services to those affected – and indirect costs, such as in-house investigations and the estimated value of customer loss in light of the data breach. It’s a huge sum and should serve as a warning to businesses who aren’t yet taking the security of their everyday data seriously. One of the most striking findings in the report is that out of the ten countries involved in the research, Indian organisations spend the lowest amount on data breach detection and investigation and have the highest estimated probability (30 per cent chance over two years) of a breach taking place. Conversely, German organisations spend the most on detection and investigation and have the lowest estimated probability of a breach taking place (2 per cent chance over two years). If there’s a lesson to be learned it’s that with data security the investment is worthwhile.

It’s not enough to focus on malicious and criminal attacks on data. There’s a large proportion of data breaches which are caused by human error. Stories abound of people accidentally leaving laptops, tablets and smartphones containing sensitive information in the back of cabs. The UK Government alone has suffered from breaches owing to USB sticks with such information being stolen in a break-in, NHS computers being sold on eBay without first being wiped of data and discs containing confidential information going missing in the post. Just weeks ago the BBC was criticised when a researcher downloaded a cache of material from a Dropbox service onto a USB stick and handed it to a third party. Hidden on the stick was a compromised file containing the names and details of senior military figures. Employers have to be educated about maintaining the integrity of sensitive company data. Even well-meaning colleagues can accidentally cause damage. Human error can never be fully eradicated, but with prudent application of IT oversight the risk to a business can be minimised. This is why we as a business have made sure our ISO accreditation not only covers the business as a whole, but also our staff. This kind of confidence in our service when dealing with major businesses and business critical sensitive data cannot be underestimated. It’s a problem the medical sector has been trying to combat for some time. The Ponemon Institute’s research shows that churn rate is highest in the pharmaceutical industry following a data breach, suggesting there’s a great sensitivity from customers to keeping their involvement secret. Interestingly, the second highest churn rate is in the financial sector, where clients and customers are similarly unforgiving of companies which directly or indirectly expose their data.

The financial sector – above all others – must provide up-to-the-minute solutions to the problems caused by an ever-evolving digital landscape. This means taking proactive steps to ensure that employers are aware of company policy, that files are encrypted, and that any service provider the company uses maintains the highest standards of security.

 

By Torgny Gunnarsson, CEO, Imprima
