Information Security: Are Data Breaches Becoming the Norm?
Consumers are becoming increasingly blasé about data breaches, according to a survey conducted by Software Advice, part of research company Gartner.
It found over three quarters of respondents were not aware of the eBay breach, widely reported in May 2014, which forced the online auction site to advise 145 million customers to update their passwords.
The 2014 Aftermath of a Mega Data Breach study by Ponemon is further evidence that consumers are starting to perceive data breaches as the norm – 61% of respondents said ‘data breaches affect most companies and I think it’s unavoidable’.
When asked how they responded to notifications of data breach incidents in the past two years, 32% ignored the notification.
This “breach fatigue” amongst consumers, in part caused by panicky headlines in the media, could have serious long-term consequences for information security and the protection of personal data.
As the Software Advice survey's authors conclude, "Public anger at data breaches could act as a strong incentive for firms to improve the quality of their security; in its absence, that incentive may be lacking. Meanwhile, if the public is unconcerned about the wholesale leakage of sensitive data by firms to which they have entrusted it, it seems unlikely they will be doing much to protect their own identities".
And finally, "Target has put the costs of its breach at $148 million: Whether the public is paying attention or not, breaches are expensive."
In the wake of seeping apathy and increasing costs, experts are warning businesses not to let their data protection guard down. In particular, small and medium businesses, with leaner budgets and less formal information security policies, may be more at risk of being targeted by identity thieves and other criminals.
The following safeguards are recommended for every organisation:
- Create a comprehensive information security policy and a company-wide culture of security.
- Develop a Bring Your Own Device policy - or even better, a Choose Your Own Device policy - to provide better controls over your company data when accessed by employees via their personal mobile devices. A lack of clear guidance and policy to follow, combined with irresponsible employee behaviour online, can make companies easy targets for hackers.
- Schedule ongoing employee training that highlights practical solutions and procedures.
- Protect sensitive data in and outside of the office with a Clean Desk Policy and security-driven best practices.
- Bolster network and computer security with secure file transfer, the best encryption software, strong authentication, and other data management and security solutions.
- Retain only the personal information that is necessary for your records and operations; otherwise, partner with a document shredding provider to destroy documents that are not needed.
- Limit access to confidential information to staff who need the information to do their jobs.
- Put an aggressive incident response plan in place. The Ponemon study showed that following a data breach, consumers want identity theft protection (63%), the best credit monitoring services (58%), and compensation (67%).
- Implement a document management system including a retention schedule and secure document destruction. Shred-it’s Document Management Solutions Ebook provides a comprehensive guide.