No company today, from an international corporation to a small business run by a single person, can exist without a firm online presence. This very fact, however, makes companies increasingly vulnerable to data security breaches, which can cause all kinds of unwanted results, even going as far as endangering the very survival of a business. The mistakes that lead to breaches are rather common, and by avoiding them you can greatly decrease your risks.
1. Being satisfied with achieving compliance
Compliance with security standards doesn’t equal security. However, many companies treat the issue as a pure formality: once they have their certification, they rest on their laurels, believing that they are protected against all security risks. As a result, some of the worst security breaches happen to organizations that were, formally, fully compliant.
Never stop improving your security system. Threats are evolving with breakneck speed, and you should follow suit. A piece of paper will not protect you from breaches.
2. Not knowing where your data is and who accesses it
You can hardly speak of data security if the company isn’t aware of what is happening to its data on a day-to-day basis. How and where is it stored? Is it kept in a single store or in a haphazard collection of them? Where is it being sent? Who has access to what? How is it used? Unless you track all these things, you cannot even begin to establish effective data security.
You can begin by signing up for a cloud solution, which can solve many problems of uniformity and access.
3. Poor password hygiene
Many businesses don’t instruct their employees about how they should use passwords and what precautions they should take to avoid security risks. The consequences are visible: a recent survey shows that 41% of adults habitually share their passwords with friends, relatives, and co-workers, and 39% use the same or very similar passwords for many, if not all, of their online accounts, mixing up professional and personal ones.
Teach your employees proper password security measures: what types of passwords shouldn’t be used, how they should protect them from theft, and so on.
4. Not disclosing breaches when they happen
One of the worst things you can do, trust-wise, is to try and conceal a data breach when it happens. If your clients’ information was compromised, immediately make that news public so they can take measures to protect themselves. If you try to hide the fact to save face, what you achieve is exactly the opposite: you give the criminals free rein with stolen data and leave your customers completely defenseless. When – not if – the breach becomes known, your reputational losses will be far greater than if you made it public immediately.
5. Not assigning responsibility for data security
Even if your employees are aware of how important it is to maintain data security, unless you assign somebody to be responsible for the sensitive information that any modern business collects and processes, nobody is responsible. This becomes obvious as soon as something happens and you can’t locate the person who should have been accountable for dealing with the issue.
6. Failing to fix known vulnerabilities
According to a study by Gartner, 99% of breaches by criminals are through known vulnerabilities, the majority of which are at least six months old. This means that businesses consistently neglect fixing vulnerabilities for months. The problem is not a failure to make split-second decisions and update all software the moment a new incident becomes known, but ongoing carelessness and the lack of a systematic approach. These issues can be resolved through regular, standardized fixes.
The great majority of security breaches suffered by businesses are caused by mistakes that may look obvious and even silly. But this also means that, by applying a little bit of effort and consistency, you can protect your company from most risks without spending considerable resources.