The amount of information that companies must keep secure is increasing. As a result of technological advances, companies are constantly gaining more data about their clients and customers. They must ensure that data security and privacy remain a priority to protect against costly breaches.
Origin of Data Security Threats
The truth is that most data breaches can be avoided. Specifically, the Online Trust Alliance (OTA) found that 91 percent of data breaches in the first half of 2015 could have been prevented. There are four major ways data breaches occur.
The OTA, which studied breaches involving the loss of personally identifiable information, found that 34 percent of data breaches happen through external means. This is the traditional idea of hacking, where a perpetrator gains access to a system from the outside. External intrusions can happen through gaining user credentials, hacking personal devices connected to a network and finding lapses in the security of an app.
Thirty percent of data breaches are the result of employee actions, whether accidental or malicious. For example, phishing can lead to employees giving access to a hacker. By educating on the dangers of phishing, companies can prevent these embarrassing situations from happening. The OTA reports that insiders can be a threat when they are feeling unhappy, moving to another company or having financial problems. Companies must realize that insider threats to data protection are a reality.
Lost or Stolen Devices and Documents
About 7 percent of breaches occurred because of lost or stolen devices, and another 9 percent occurred because of lost, stolen or misplaced documents. While some of these issues happen by accident, others are planned attacks by hackers to acquire data. It’s easier to steal a laptop than to hack a database, and as long as workers are bringing their devices outside the office, they run risks. These breaches often affect smaller groups of people because of the container features of data protection systems. However, they can still result in big issues and, in some cases, a fine against the company from the Securities and Exchange Commission.
Social Engineering and Fraud
Another popular method used by hackers to gain access to information is social engineering or fraud, accounting for 8 percent of breaches. Social engineering involves deceiving someone into handing over their credentials and using that login to access a system. This was the cause of perhaps the most infamous data breach in recent history, the 2014 Target hack. According to Bloomberg, hackers acquired the credentials of an HVAC vendor to get into Target’s system, allowing them to install malware that stole every credit card number used at any store. Two-factor identification and proper training can help employees stop social engineering attacks, but it’s hard to catch this kind of malicious activity in real time.
What Is Data Security?
With data protection becoming such an integral part of company operations, experts have tried to develop new and effective ways to keep sensitive information out of the wrong hands. Proper data security and privacy measures will prevent data leakage while still ensuring that a company runs smoothly.
According to TechTarget, data security or data privacy is “the aspect of information technology that deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.” This allows a company to protect data both in the office and in the hands of employees, reducing the amount of weak points hackers look for. Proper data security also protects data when it’s shared with other users outside a company’s security system.
What Data Security Protects
Data privacy issues can involve a wide variety of information, including:
- Health care records
- Financial transactions and data
- Genetic material
- Criminal justice records
- Residence and personal location information
- Location-based services data
- Browsing history
- Personal communications
Best Practices for Data Protection and Security
Data security can only work in conjunction with strong preventative policies to back up the technology. While data security measures can be quite effective, these important strategies help ensure that the technology works.
Keep Up With Patches
Pop-ups may feel annoying and time-consuming, but they exist for a reason. In 2014, HP research discovered that a third of new hacking tools were using a Windows exploitation that was patched in 2010. Although a patch had already been released, users hadn’t updated their patches. This simple operation could have prevented the loss of mountains of sensitive data.
Many of these patches are defined as “critical” and could prevent hacks that are on the rise. The problem is that companies have so many computers working in their network that it’s easy to miss something. But just a single error could cause the whole system to be compromised. Keeping track of the patches computers need is an easy way to ensure data protection.
Reduce Amount of Openings
With the average American home having laptops, smartphones, tablets, televisions and other devices connected to the internet, there are many openings for a hacker to enter. This problem can be multiplied when talking about a company.
Many businesses are unsure of how many computers they have, let alone other devices. This makes the devices an easy target for hackers. Many high-profile hacks occur when hackers discover devices that weren’t supposed to be connected to a network, and thus didn’t have the proper protections. These “doors left open” are a sore spot for companies and an easy way to gain entry to sensitive data.
Encrypt Sensitive Data
One major feature of data protection is encryption. With data encryption, companies can ensure that even when hackers gain data, they can’t do anything with it. But the key is to install encryption at all levels. Retailers must have encrypted card readers for all customers to use, and other companies should encrypt all sensitive emails.
Choose Secure Vendors
Companies must ensure that their vendors are maintaining a high level of data security. Any outsider who has access to the corporate network becomes a threat. An important part of safety is to ensure that these loopholes stay closed.
Understanding Data Security and Privacy
Securing information will continue to play a massive role in business and government. At Point Park University, our online degree programs in information technology, intelligence and global security, and criminal justice give students insight into this rapidly growing field. Discover how a Point Park education can help you reach your career goals by learning more.