6 Lessons Learned From Recent Data Breaches
July 30, 2019
How To Protect Yourself From A Devastating Data Breach
There have been a number of cyberattacks recently which should be of genuine concern to businesses. You may have heard about Capital One’s recent data breach, compromising the data of over 100 million people. It seems every other week there’s a corporation losing its consumers’ data.
Aside from the familiarity of these enormous data breaches, which have affected some of the biggest corporations around, there is growing anxiety among small business owners about how they could fall victim in the near future.
While some of the larger attacks are more headline-grabbing, the reality is that nearly half of all attacks in fact target small businesses. Unfortunately, in today’s cybersecurity market, many SMBs are poorly equipped to deal with cyber threats.
IT decision makers are virtually unanimous in believing that their organizations are susceptible to external attacks, and 71% of these decision makers say they don’t have the cybersecurity infrastructure to prepare for an attack.
With the added cost of implementing data protection into businesses and the potential of having to abide by guidelines for emerging technologies, SMBs simply cannot afford to deal with costly cyberattacks.
Here are six lessons we’ve learned from recent data breaches that you can use to protect your business:
1. Take the Lead From the Top
Some of the more high-profile breaches in recent years have helped to bring the issue of cybersecurity to light for executives. The Equifax breach towards the end of 2017, for example, was responsible for compromising the personal information of nearly 150 million people and has been making headlines ever since. While last year there was an overall drop in the number of attacks, 2018 saw a record number of personal records exposed in data breaches—incidents increased by 126%.
As the threat of cyberattacks grows and occurrences increase, top decision makers have to become, and more commonly are becoming, more involved with cybersecurity, implementing practices from the top down. This is a trend that has progressed in 2019, with 54% of executives and 39% of directors knowledgeable and engaged in planning responses to data breaches.
This is a trend we’d like to see continue; having the involvement of board members and C-suite executives is crucial to seeing cybersecurity as a serious consideration for an SMB's workforce and processes.
2. Train Your Workforce
Mistakes happen; it’s inevitable and cannot be avoided no matter how hard you try. However, mitigating the probability of human error is an absolute necessity and the cornerstone of any thorough cybersecurity plan.
It’s one of the reasons we at Impact Networking provide security awareness training as a core part of our cybersecurity protection to ensure the best safety measures for our clients.
You might think that the biggest cyber threat to your business is hackers, but it is in fact the very people you employ. 47% of data breaches are caused by employee negligence like accidental loss of a device or misplacing a document online. With cyberattacks costing businesses an average of $5 million, this is an area in which all SMBs should look to improve their processes.
Improving awareness of cybersecurity will mean addressing common bad habits regarding tech use, ensuring that remote work is conducted safely, and improving the culture of the workplace to embrace correct ‘digital hygiene’. Of organizations that implemented cyber training methods, 79% avoided a breach, compared to 69% of those that didn’t.
3. Manage Your IoT Devices
The Internet of Things market has seen explosive growth over the last two years. The market was worth $235 billion in 2017 and is predicted to be worth $520 billion by 2021. As with virtually any form of new technology, cybersecurity has to play catch-up, and the increased use of connected devices in the workplace is no different.
Nearly half of all SMBs have experienced at least one IoT data breach.
This is primarily because of a distinct lack of security plans which comprehensively cover all devices in a network. With 9 out of 10 employees bringing their own technology into the workplace, this liability should be a major consideration to address.
For this reason, ensuring that your business’ security is enforced at the network level is fundamental. The huge number of IoT devices that exist in a work environment makes it impossible to implement security at the device level.
The benefits of cloud security become clearer here. With so many new devices accessing and collecting the vast amounts of data now stored on cloud systems, having a comprehensive program for cloud security is essential for protecting your client data and organization data.
4. Have a Disaster Recovery Plan
This is an absolute must for any small business. The average time it takes for a company to identify and contain a data breach in their system is 279 days—that’s over nine months. The longer a breach’s lifecycle, the more it costs and the more damage it does to the organization.
Having a disaster recovery and business continuity plan in place to deal with attacks quickly and effectively should be right at the top of your cybersecurity agenda.
This means having access to a secure source of any and all affected data. Solutions should include:
- Image backups of the entire OS, including all applications, configurations, and data
- The ability to completely restore everything exactly as it was prior to the breach
- Restored servers up and running in a predetermined amount of time after a breach
These are the solutions we provide for our clients to ensure a speedy recovery. Since a slow response can be make or break for an SMB, having the ability to continuously monitor and anticipate threats before they hurt your business is essential. Remember, cybersecurity is fundamentally about being proactive, not reactive.
5. Understand That Cybersecurity Is an Ongoing Process
A disaster recovery and business continuity plan that monitors your organization on a continuous basis is one of the best proactive steps you can take toward maintaining your cyber integrity.
Another is ensuring that your business is regularly assessed to test its capabilities against attacks. This can be done with penetration testing, where specialist tools are used to simulate real-world attacks to actively and safely breach systems.
An assessment can then be made on the vulnerability of a business network and a determination can be made on how to improve existing functions. At Impact, we recommend semi-regular penetration testing, in addition to updated security policy and compliance checks.
The landscape of cybersecurity changes constantly. New technical and system vulnerabilities are found every day. This is particularly pertinent to the large numbers of SMBs undergoing some kind of digital transformation—the implementations and changes to business processes and workflow systems are a ripe environment for cyberattacks.
For these reasons we recommend that decision makers view cybersecurity as an ongoing process for the future and not as a one-and-done installation process. We're well past the days of assuming an anti-virus software solution is enough.
6. Invest In Your Cybersecurity
There is more investment in cybersecurity than ever before. The market was worth $3.5 billion in 2004. This year the market is worth an estimated $124 billion. The reason for this enormous growth is that SMB decision makers are becoming more aware of the need to invest in a cybersecurity strategy that protects their organization.
While there are cases where SMBs are not investing in the IT solutions they need, the majority understand that investment is a necessity for a modern, forward-looking business. It appears to pay off—Experian’s annual data breach report for 2018 indicated that of companies that prevent data breaches, 73% had increased spending on cybersecurity tech. Of companies that experience a breach, only 61% had increased investment.
When decision makers find that the results of their investments are unsatisfying, it is often the result of acquiring the wrong products or services. This is where a trusted MSP like Impact can step in and provide an extensive assessment which analyzes processes, discovers pain points, and allows us to determine the necessary solutions for comprehensive cybersecurity implementation.
Want to Learn More?
For business leaders, cybersecurity is one of the most pressing issues facing their companies today. Impact’s CompleteCare program provides vital cybersecurity protection for clients, keeping their minds at ease in the knowledge that their IT infrastructure is being monitored and maintained by our cybersecurity experts. Learn more about Impact’s offerings here.