Almost overnight the volume of data in the world has exploded, best illustrated by the popular statistic that over 90% of the world’s data has been generated in the last two years. With this exponential growth in data come exponential risks, as witnessed by blue chip organisations such as Blue Shield, Target, Home Depot, British Airways, Adobe, AOL, Evernote, Sony, and Apple, who have all dealt with cyber attacks that have compromised large tranches of customer data. No organisation seems immune: even the IRS and the European Central Bank have suffered losses. The list goes on.
IBM and Ponemon Institute recently surveyed 350 companies in 11 countries and found that the average cost paid for each lost or stolen record containing sensitive and confidential information jumped 6 percent from $145 to $154 from 2014 to 2015, with the value changing considerably based on the quality and contents of the record in addition to the reputation of who is selling it. Multiplied across a typical customer base of millions, the financial rewards gained by the perpetrators of cyber attacks are blatant, hence driving continued attacks on vulnerable companies containing massive amounts of consumer data.
There is a multitude of best practice steps organisations can consider, both to reduce the risk of suffering a data breach in the first place and to prepare proactively for a breach if one were to happen. These include:
1. Keep current with security software standards
2. Ensure comprehensive employee education relating to handling of sensitive data
3. Minimise the data that is both collected and subsequently stored
4. Maintain the same data security standards for remote employees
5. Incorporate procedures to identify internal fraud risk
6. Undertake regular end-to-end vulnerability assessments
7. Develop and maintain a breach preparedness plan
Ensuring data is protected and secure within your own organisation is, however, only half the battle, and arguably the risks can be greater when data is transmitted externally. In the global ecosystem that we are all part of, knowing where any sensitive data is going, how it is being transmitted, and how it is being handled and stored is critical.
Data Vendor Vetting
Any procedures and controls that are put in place are only as strong as the weakest link in the end-to-end chain, and when you’re working with multiple data vendors - often across multiple countries - you’re dealing with many different complexities and moving parts. Regardless, data vendors need to be fully vetted to understand what their own security procedures are, and to understand how they both manage and retain sensitive sources of information.
At Trulioo we have done the heavy lifting and have undertaken our own due diligence with each of the 145 and growing data sources that we connect to today across more than 40 countries. We ensure a high standard in vetting each source so our clients feel assured that they are protected with IT standards as strong as their own and have the transparency and detail they need.
Limit Data Exchange
Any time that sensitive information is transmitted, whether or not it is protected by encryption or tokenisation, there’s a risk. We have taken the approach at Trulioo that being able to minimise what is being transferred, and when, is the best protection of all whilst ensuring our clients retain the value that they look for from a global identity bureau.
By Jon Jones, President, Trulioo