Data leak prevention: Mistakes to avoid and tips to remember
While many companies have not yet dealt with a data breach, in today's technologically advanced environment, no organization is immune to the risk of data leakage.
"In security, if you're the good guy, you're playing defense," said security expert Benson Yeung. "If you play defense long enough, you lose. Something is going to get you."
Data breaches can have a variety of consequences, including loss of customers, fines, lawsuits and the possibility of harming the company brand. According to Dark Reading, a majority of businesses have experienced a data breach or expect a data breach resulting in customer and partner loss. Additionally, 65 percent of organizations expect serious financial losses due to data leakage or have already experienced financial consequences. On average, companies paid $9.4 million to correct a data breach in the last 24 months.
Dark Reading stated that one of the most common mistakes made by companies experiencing data leakage is not engaging with outside counsel. When a data breach happens, organizations should contact an outside attorney as soon as possible. This legal assistance can help the company determine which law, regulation or guidance is pertinent to the situation at hand.
Another common mistake occurs when an organization does not have a predetermined emergency decision maker in place. While this may or may not be the head of the company, every business should assign a single person, or employee from each team or section, to be in charge of the response plan, stated Dark Reading.
IT consultant Robby Hill reminded businesses that the risk of a data breach goes beyond the security solution provider, and said that companies themselves must work proactively, in addition to having security measures in place.
"That's hard for the customer to understand," Hill said. "That at some point there still falls a level of liability on the customer. There's only so much we can do before it comes down to [the fact that they] need to care for [their] information."
Businesses should employ endpoint security software and make sure all employees, especially those working on their own devices remotely, understand the policies and procedures in place to secure data. Employees should be wary of unsecured Wi-Fi networks and be sure their device isn't lost or stolen, especially if it contains sensitive information. Devices should be locked whenever possible, lowering the risk of a cybercriminal hacking into a lost or stolen device.