The key to reducing the damage that data breaches can cause is to spot them quickly. Ponemon Institute’s 2018 Cost of a Data Breach Study found that, on average, organisations that identified a breach within 100 days saved more than $1 million (€880,000) per incident.
But to be able to spot a data breach you need to know what to look for. In this blog, we break down five common causes of data breaches, along with tips for staying safe.
Weak and stolen credentials
Poor passwords are reportedly exploited in 81% of data breaches. It’s one of the simplest ways to commit cyber crime, because if you have access to someone’s account you don’t need to bother with hacking tools or social engineering techniques.
It doesn’t take a lot of effort: cyber criminals use a computer program to run through thousands, if not millions, of commonly used passwords until they find a match. This normally doesn’t take long because, despite repeated warnings, people persist with simple and commonly used passwords. It’s 2018, people: you can do better than ‘123456’ or ‘Password’.
Another important tip is to make sure nobody steals your credentials. You can have a near-impenetrable passphrase, but it’s no good if you leave it written down for anyone to see. If you absolutely must make a note of your password, keep it out of sight and be sure not to throw it in the office bin.
Many of your employees will have access to sensitive information, and you must always assume that there’s a chance that someone will attempt to misappropriate it. That sounds cynical, but unfortunately the lure of financial gain from selling data on the dark web is too great for many.
Employees are also likely to use sensitive information maliciously if they feel disgruntled at work or if they have left an organisation on poor terms and still have access to its systems.
You can reduce the threat of former employees breaching your organisation by ensuring their access is cut off as soon as possible. Things are naturally more difficult when it comes to current employees, because they often need access to sensitive information to do their job. Implementing access controls will help, as this ensures employees can only view information that’s relevant to their job role.
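As an added example (not part of the original article), one way to verify that leavers' access really has been cut off is to reconcile an HR leaver list against an account export. The CSV column names, sample rows and function name below are constructed assumptions.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample data (not from the original article): an HR leaver export
# and an account export from an identity system. Column names are assumptions.
HR_LEAVERS_CSV = """employee_id,leave_date
E1001,2018-09-28
E1002,2018-10-12
E1003,2018-11-30
"""

ACCOUNTS_CSV = """username,employee_id,enabled,last_login
asmith,E1001,true,2018-10-03
bjones,E1002,false,2018-10-15
cwhite,E1003,true,2018-10-20
dgreen,E1004,true,2018-10-21
"""

def _day(text):
    """Parse an ISO date string (YYYY-MM-DD) into a date object."""
    return datetime.strptime(text, "%Y-%m-%d").date()

def find_leaver_access(hr_csv, accounts_csv, today):
    """Return (username, issue) findings for accounts whose owner has left.

    issue is 'enabled_after_leaving' (account still usable) or
    'login_after_leaving' (account was used after the leave date, even if
    it has since been disabled).
    """
    leavers = {r["employee_id"]: _day(r["leave_date"])
               for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        left = leavers.get(acct["employee_id"])
        if left is None or left > today:
            continue  # current employee, or leave date still in the future
        if acct["enabled"].strip().lower() == "true":
            findings.append((acct["username"], "enabled_after_leaving"))
        if acct["last_login"] and _day(acct["last_login"]) > left:
            findings.append((acct["username"], "login_after_leaving"))
    return findings

if __name__ == "__main__":
    for user, issue in find_leaver_access(HR_LEAVERS_CSV, ACCOUNTS_CSV, date(2018, 10, 22)):
        print(f"{user}: {issue}")
```

A login recorded after the leave date on an account that is now disabled shows that access was removed late, which is worth reviewing even though the account is no longer usable.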
You should also consider bolstering your cyber security culture. If you emphasise cyber security and show that you are taking it seriously, malicious employees are likely to realise how hard it is to get away with data theft.
Employees don’t have to act maliciously to commit a data breach. They might simply make a mistake, such as including the wrong person in the cc field of an email, attaching the wrong document or losing a laptop.
Insider error is often the result of a lapse in concentration, which makes it almost impossible to prevent. You can’t expect your workforce to never make mistakes.
What you can do is implement safeguards to minimise the damage. For example, sensitive information stored on a work-issued laptop should be encrypted to prevent misuse if it’s stolen. Similarly, access controls will ensure that an employee who was sent a document in error won’t be able to view it.
More tips on staying secure
Hopefully you now have a few ideas of what you can do to improve your organisation’s cyber security defences. But there’s one last thing we need to clarify: the threats listed here aren’t things that might occasionally happen if you’re not careful. They happen every day to organisations across the globe, many of which were previously confident in their cyber security defences.
For an idea of just how serious the problem is, consider that Ponemon Institute estimated that organisations have a 27.7% chance of suffering a data breach in the next two years.
It’s paramount that you don’t take any half-measures when it comes to cyber security. You need to review your current set-up and identify where improvements need to be made as soon as possible. You also need to make sure you have a plan for when a breach does happen. Organisations that are prepared for data breaches are much more likely to contain an incident more quickly and reduce the financial and reputational damage it causes.