David Zimmerman, CEO and Founder of LC Technology, shares the following key findings with us.
According to a 2016 study from IBM regarding the costs of data breaches and loss, the average consolidated cost has moved from $3.8 million to $4 million. On a granular level, the study also found that the costs for each lost or stolen record containing sensitive and confidential information increased from $154 to $158. The stakes are high for companies to properly manage their data, as loss and data exposure can effectively ruin a firm’s reputation with customers and partners.
Here are five ways individual employees and IT are causing companies to lose data, and some best practices for preventing a crippling data loss.
1. Changing Advanced Settings
The “advanced settings” feature on computers is not there just for show. It’s a serious warning to the user that they better know what they are doing before they start making system changes. A frequent example of such a setting involves the BIOS (Basic Input Output System), which is the chip that instructs the computer on the next steps to take after power-on. Changes to this setting can be made with the best intentions, but they might expose the machine to data loss or theft. Advanced settings adjustments are best handled by IT in controlled environments in order to greatly reduce the chances of local data loss.
2. Exposing the Company to Ransomware
Ransomware is a hacking scheme that involves taking over a person’s computer files, encrypting them so they appear as garbled text/images and then asking for a ransom to pay for the encryption key. Hackers typically gain access through email attachments or by guessing passwords, which further reinforces the need for complex passwords. Data loss comes when the hackers steal valuable information during the ransom period, or if the ransom isn’t paid, the hackers will typically leave the data encrypted or destroy it beyond repair.
3. Ignoring Hardware Failures
With the cloud offering affordable and secure storage, it’s puzzling that many firms still secure their information only on local machines. Computers and servers can fail, which immediately exposes the company to data loss. Hard drives and SSDs can become corrupted, and they often fail when exposed to a fall or even to changes in temperature or humidity. Power supplies within these devices are a common problem, as the device then can’t draw power and will not be able to boot. Some of these devices can be fixed, but the modern business can’t be put on hold while a laptop or server is sent in for repairs. Company managers should discuss best practices with employees about securing portable devices and relying on the cloud for data storage.
4. Not Following Security Protocols
Many of the hacking incidents we see on the news are caused by simple errors by staff members. Someone in IT might have an admin password of “12345” or an employee might open attachments from unknown senders. Another conduit for hackers is banner ads from disreputable sites. Companies must put in place strict policies on password management and how to utilize the internet in order to protect the network. Better procedures make the company a less desirable target for hackers. While a devoted team of cybercriminals can hack the most complex passwords, they make money by efficiently targeting easy marks, so they’ll move on when confronted with a challenge. Make hacking difficult by instituting passwords with upper and lower case letters and characters that do not include any actual words.
5. Using Improper Backup Procedures
A very common reason for data loss (especially among smaller companies) is to store data locally, to experience a failure event, and to not have a data backup. It’s 2017, and data storage is very inexpensive, both for physical drives and cloud storage — especially when doing a risk/reward analysis where you compare the downside of losing data with the costs of storage. Businesses should instill strict backup procedures for their corporate data, including processes for individual employees and departments. Moving data to the cloud is an ideal choice, as it removes content and potentially confidential files from laptops, thumb drives, or other more exposed storage methods.
Companies should also make “backups of the backups” due to cheap storage. Smaller firms can move data to the cloud and also backup to external hard drives and store them in a different secure location.