Protecting Your Business from Information Breaches

Human safety and that of physical property aren’t the only security concerns for businesses. Protecting sensitive business, employee, and patron information has long been a priority for enterprises. Our increasing reliance on digital data collection, storage, and communication, coupled with the ever-growing connectivity of the workplace, only intensifies the need for digital security measures.

Digital Dangers

In Trustwave’s 2014 investigation of 574 data breaches (as documented in the2015 Trustwave Global Security Report), 81% were not detected by the victim company itself; instead credit card companies or banks typically alerted the compromised companies to the hack. The median length of time between a breach and its detection was 86 days—a span of nearly three months—but could be as long as 4.5 years. The median time from breach to containment was 188 days. Imagine how much damage could be done in that time.

iStock_000040650272_Small.jpg

Some wireless technologies, when improperly managed, increase the risk of an information breach. With the rise of the constantly connected office environment and “bring your own device” (BYOD) policies, the number of employees accessing—and therefore potentially compromising—sensitive information at any given time is enormous.

  • Lack of Qualified Personnel and Technology
    Many businesses have invested in digital security technology, but do not have staff members qualified to install and manage it, reports Trustwave in its “Security Survival Guide for Growing Businesses.” This lack often results in the under-deployment or outright misuse of security tools.
  • Phishing, Malware, and Viruses
    Cybercriminals lure unsuspecting users into opening or downloading spyware, viruses, ransomware, and other dangerous programs that hijack your device or network. These programs are hard to recognize or detect once installed, and they work quickly and quietly to access your data and control your system.
  • Poor Password Creation
    Trustwave’s Global Security Report found that the most common password at companies experiencing a data breach was “Password1.” 39% of passwords were eight characters long and could be cracked in a single day.
  • Unsecured Personal Mobile Devices
    Many companies do not adequately regulate the use of personal mobile devices for work. Even when businesses do put security policies into place for personal devices, employees may unwittingly compromise sensitive data by failing to comply or by underestimating the risks of certain behaviors. An employee’s lost or stolen device, unprotected by a PIN or similar locking mechanism, puts your information in the hands of strangers.
  • Unsafe Cloud Usage
    When employees use unsecured or unapproved cloud storage and collaboration tools, their personal data and your business information alike are made vulnerable.
  • Outdated or Unpatched Programs
    Today’s digital threats are highly sophisticated and quickly evolving. Outdated software or hardware may not be capable of supporting the more robust security measures needed to protect against these advanced threats. Systems that are unpatchable against malware put your data at risk.In many cases, however, as Trustwave reports in the “Security Survival Guide,” it’s not that software is unable to be updated with security patches for known issues. Users simply haven’t bothered to run provided updates, even on such commonly used programs as Microsoft Office, Adobe Reader, Adobe Flash, and Java.
  • Increasing Access Points
    As Trustwave’s “Security Survival Guide” points out, the “attack surface” is increasing: “From vulnerabilities in the cloud and Internet of Things to applications and databases, the list of entryways criminals can use to break into your corporate network has never been longer.” This also includes point-of-sale forms on e-commerce sites, from which customers’ payment information may be stolen. Without proper safeguards—and regular updates to digital security solutions—these entryways represent open doors to hackers.
  • Disgruntled Staff Members
    “Internal attacks are one of the biggest threats facing your data and systems,” Cortney Thompson, CTO ofGreen House Data, tells CIO’s Jennifer Lonoff Schiff in “6 Biggest Business Security Risks and How You Can Fight Back.” “Rogue employees, especially members of the IT team with knowledge of and access to networks, data centers and admin accounts, can cause serious damage.”
  • Careless Third-Party Service Providers
    Third-party IT or POS service providers may compromise security for convenience’s sake,Bomgar CEO Matt Dircks tells Schiff. For example, technicians may use the same password to log remotely into all of their clients’ servers. If that password is hacked, all of their clients’ information is vulnerable.

Benefits of a Digital Security Management System

Companies without the specialized staff to install, manage, and monitor digital security measures should consider an all-inclusive system to protect their network. Benefits of such a system include:

  • Constant Monitoring
    Security systems scan your devices and networks for threats around the clock, identify and resolve issues, and generate reports of vulnerabilities.
  • Identification of Unsafe Sites and Programs
    A security system alerts you to known risky websites and software, preventing you and your staff from unwittingly installing malicious programs.
  • Automatic Updates and Patching
    Automatic updates and patches continually protect your system against known and emerging threats.
  • Data Backup
    Automatic, encrypted backup protects information that is stored and allows for quick recovery of lost or compromised data.

Evolving Digital Threats

Digital threats will only continue to grow—rapidly—in number and sophistication. Intel Security currently estimates there are “327 new threats every minute.” “2016 Threats Predictions,” a report by McAfee Labs (an Intel Security company), states, “Five years ago, we thought that more users, more data, more devices, and more clouds were creating a perfect security storm of threats and vulnerabilities. Many of those predictions came true, but they were only the leading indicators of a much bigger storm, the acceleration of ‘more.’” Clearly, the estimated number of “327 new threats every minute” will soon be eclipsed, and attacks will become even more difficult to detect.

An automatically updated digital security manager that continually patches and inoculates your network against threats is a business necessity. If your organization is not yet adequately protected, there is no time to waste in setting up safeguards.

Lisa Majdi

Lisa Majdi

Lisa Majdi is the Director of Cox Business segment marketing, focused on the Mid-Market/Large Local customer segment. In her role, she leads the national marketing strategy for the Mid-Market/Large Local customer segment of Cox Business.

Lisa has more than 17 years of experience in segment marketing, customer relationship management and marketing communications with Verizon Wireless, BellSouth and AT&T. In addition to marketing leadership roles, She holds a Master’s degree in Communications from Western Kentucky University and holds a Six Sigma Green Belt certification.
Lisa Majdi