When you hear the term “data loss”, it’s usually from a media report detailing the latest issue a company is facing. Unfortunately, in today’s headlines it’s Target that has announced it may have had over 40 million accounts compromised during the holiday shopping season. Here in Massachusetts, businesses can be fined up to $5000 per customer record that’s lost or compromised – a heavy fine indeed for any business to bear.
Data loss is a major concern for businesses of all kinds, and the statistics back that up. KPMG reported that data loss is pretty steady across all sectors. A 2012 report showed that government suffered the highest number of incidents (with 16.4% of all reported data loss episodes), followed by education and technology companies.
Retail (the category Target is part of), media, and healthcare firms are all in the same range of data loss percentages at around 8.4%, while insurance firms came in the lowest with just 1.2% of all reported data loss incidents. Financial and law services were also on the lower end, showing that companies that routinely deal with sensitive client data are taking steps to protect their networks and data.
How is this data being lost?
The largest percentage of reported incidents, by far, was related to hacking activities at over 67%. That’s FAR too high a percentage, given the number of security services available to companies. To give you an idea, the next highest cause of loss was PC theft, with 4.8% of all reported loss. Yes, hacking can cause that much damage, and it is that widespread.
Now, with all of that data being presented, how do companies keep themselves from being one of those reported statistics?
Employees need to be taught best practices, first and foremost. It goes without saying that no one should be clicking on email links or attachments sent by unrecognized senders. Use of external media, such as USB drives, should be heavily regulated. At this point many businesses are also adopting their own BYOD (Bring Your Own Device) policies to help reduce security holes from within their network. Web surfing may need to be monitored and regulated as well, to make sure employees aren’t visiting suspect websites from work machines.
On the network side, every business, regardless of size, should have some sort of firewall protecting its computers and servers. These firewalls should be kept up to date with firmware and software updates to make sure they can recognize and block known security threats. Many mid-size and up firewalls can also police web surfing, block suspicious activity, and even stop malicious hidden traffic from entering or being sent from the corporate network. Firewalls are no longer expensive, complicated devices that only huge companies have – any business, regardless of whether it employs 1 or 1000 employees, needs to make sure it is protected.
In addition to security, data should always be backed up in the event that an actual loss occurs. Many companies are opting for redundant backup, using both a local appliance and offsite backup services, to ensure their data is protected against loss or theft. Even better are automated backup services, so employers don’t need to worry about their employees forgetting to back up their mission-critical documents and client data. All backups, whether local or offsite, should be checked regularly to make sure the data is complete. No business wants to keep rotating backup tapes, only to discover that its backup device stopped functioning a year earlier.
As more and more processes are moved to digital platforms, and companies become less reliant on paper records, businesses need to protect themselves and their clients by safeguarding their data. By developing a plan and deploying appropriate security devices, software, and protocols, any and every company can make sure they are staying secure and protected.