2015 has seen some of the most crippling data breaches in history. In February, health insurance provider Anthem revealed a data breach thatcompromised 80 million records of both patients and employees. The same month, a breach revealed by BlueCross BlueShield affected 11.2 million subscribers and exposed data such as Social Security numbers and even bank account information.
In June of this year, the Office of Personnel Management revealed possibly the most crippling data breach of all time. One that caused the Director, Katherine Archuleta to tender her resignation one month later. The data compromised in this breach consisted of government personnel and their immediate families along with some personal and professional connections. Approximately 42 million records were affected and 1.1 million had their fingerprint information exposed.
No one is exempt from being victims to these attacks.
The sheer amount of data that has been compromised in the breaches of 2015 is bone chilling. These breaches exposed personally sensitive information of customers, employees and even third-parties who may have not opted to have their data shared in the first place.
These events serve as a wake-up call to organizations of all sizes. Survey data showed that 96 percent of consumers hold the company responsible and not the cyber criminals infiltrating their networks.
No longer is it a matter of if, but when you will you be hit by a cyber attack. And if it happens to you or your organization, will you be able to sufficiently fight off any would-be attackers to avoid this altogether? There is a silver lining in all of this — the technology exists to help business successfully prevent this from happening.
Step 1. Assess Your Customer Data
Are you storing customer data for recurring subscriptions? Are you a retailer that integrates with client banking? Do you have a need to store Social Security numbers? Understanding the “what” and the “why” of your customer data will help you begin formulating a plan for ensuring the security of the data.
Step 2. Partner with an Expert
Small and large businesses can benefit from partnering with data security agencies such as LifeLock to develop and implement strategies to improve security. The benefits to doing this are obvious. If you don’t possess the resources or know-how within your organization, and even if you do, it is a great idea to partner with a company or agency that can help advise and formulate a strategy for you to implement.
Step 3. Educate, Authenticate, Encrypt & Monitor
If you deploy all four of these strategies together effectively, you’ll be well on your way to making your business and customers more secure.
The first on the list is educate. Start internally within your organization by building a culture that values security as a priority. Disseminate educational material and conduct training to bring personnel up to speed with your policies, and stress the need for them by discussing some of the current events.
Next is authenticate. Make sure company computers have strong administrator passwords that are changed regularly, as well as the latest firewall and antivirus technology.
At a minimum, if you are storing sensitive customer data such as banking account info and Social Security numbers, you absolutely must encrypt the data. Not only is this easy to implement, encrypting your sensitive data can also protect you and your customers from the majority of data breaches. Retailers use E2E or end-to-end encryption for credit card swipes.
Hackers can’t retrieve encrypted data without an encryption key to unscramble it. If you encrypt your personal data and lose your password, your data is as good as scrambled irreversibly into oblivion. If your customer’s data is floating around or even being stored unencrypted, you are opening yourself and your customer’s up for major trust issues as well as a lot of unnecessary headache.
Finally, you’ll need to put in place effective multi-level monitoring of all your systems to perform routines to detect known malware and identify weak points in your servers. You wouldn’t want to be one of the companies who embarrassingly fails to detect the same malware used in previous attacks.
[su_box title=”About James” style=”noise” box_color=”#336588″]Experienced tech entrepreneur, product geek and songwriter, James has a unique take on all things related to product design. He is the Sr. Product Manager for DSGN CO where his focus is developing impactful products for clients such as Nike, Fender, Disney, T-Mobile, Toyota, about.me, Warner Bros. and more.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.