Why a Data Security Strategy Matters to Your Business
What is Data Security?
Data security to businesses of all sizes is as vital as oxygen is to human life. Operating without a data security strategy, or with an outdated one, is putting your business front and center to detrimental, damaging, and costly risks.
At the most basic level, data security refers to how sensitive, proprietary, and personal data is protected from being compromised in any way.
A data security strategy is a combination of procedures, policies, protocols, and sometimes technology, that is implemented and followed company-wide.
Why Businesses Should Invest in Data Security
There is more data to protect than ever before.
It’s difficult to track down a hard number of how much data a business creates, collects, and stores. There are a lot of variables that impact the figure, from industry specifics to business maturity.
What is certain is that the amount of data is only increasing, and it’s projected to only continue to do so year-over-year for the foreseeable future.
For some quantifiable context, companies upload an average of 18.5 terabytes of data to cloud applications each month, according to data experts at AT&T. Just one terabyte can store 130,000 digital photos. Long story short: there is no shortage of data.
The threat landscape is growing in size, complexity, and sophistication.
The volume of attacks that a company faces per year, along with the craftiness of each attack, only worsens the threat landscape.
The numbers tell a powerful story: data breaches have spiked by more than 27 percent each year from an average of 102 per company to 130, according to Accenture’s 2017 Cost of Cyber Crime Study. The same study found an uptick in ransomware attacks from 13 percent to 27 percent.
Another study from AT&T found that 80 percent of organizations reported at least one security incident last year.
Organizations should move swiftly to up their defense and develop an iron-clad data security strategy. Being lax on data security not only costs an organization financially but reputationally, which has entire other levels of negative consequences.
Many organizations’ data security strategies are outdated.
In fact, a study conducted by CIO/Computerworld found that 50 percent of organizations surveyed haven’t updated their security strategy in three or more years. With the speed of attacks and the pace of innovation, having a static strategy in place to protect your data is likely doing more harm than good.
Cyber attacks are financially devastating.
The average cost of one data breach last year is estimated by the independent data security research firm Ponemon Institute to be around $3.6 million.
The financial aftermath of a cyber attack includes not just the attack itself, but the cost of recovery efforts from the disruption to both the business and its customers. The aforementioned Accenture study found that information loss is the highest cost for an organization.
Effective Data Security Strategies Don’t Just Protect Against Cyber Criminals
When we think about securing data, we think about how to secure it from those looking to cause harm — cybercriminals, hackers, data thieves, etc. And while that is more than reasonable to consider, it’s only one dimension a data security strategy should prepare for.
Today’s data security protocol, processes, and procedures need to account for the consequences of:
- Employee behavior
- Equipment back-up
- Human error
- Offsite data centers
Organizations’ top perceived threats
As reported in the AT&T’s Global State of Cybersecurity survey, organizations’ top perceived threats for 2018 include:
- Malware, worms, and viruses – 60%
- Unauthorized access to corporate data – 49%
- Ransomware – 46%
- Theft of proprietary company information – 39%
- Compromise of operational systems – 38%
- Compromise of mobile devices – 35%
- Advanced theft of high-level corporate executives – 32%
- Compromise of IoT devices – 32%
- Denial of service – 30%
- Compromise of customer-facing systems (e.g., PoS) – 27%
- A hijacking of social media accounts – 24%
- Website defacement – 22%
- Physical safety risks – 21%
How familiar are you with these threats? Can your current data security strategy protect against them? Conducting a data security assessment is a best practice used to gauge where the strategy stands, and how it can be improved.
Emerging risks to organizational data
In addition to an organization’s data being comprised thanks to cybercriminals, ransomware, and other malicious kinds of attacks, an organization should also factor in other risks to their data.
Short for bring-your-own-device, BYOD is a common practice at many organizations that allow employees to use their own computers, smartphones, and other devices for work.
For organizations, BYOD is a cost saving that cuts out having to provide equipment to each employee, or having to staff an IT department or run a helpdesk.
For employees, BYOD gives them the freedom to use equipment they are most comfortable with and consolidates work and personal life, cutting down having to carry two cell phones or work from two laptops, for example. BYOD also lends itself to a more remote-style work experience for the employee, cutting the tether to having to be in the office.
Yet, BYOD creates a number of security risks, such as:
- Less oversight of computer hygiene (i.e. updating software and passwords)
- Increase use of unsecured Wi-Fi networks
- Increase exposure to malware or viruses
Over half of last year's data breaches was due to employee mobile devices, AT&T reported in their Global State of Cybersecurity survey.
More often than not, employees are prone to use their smartphone with or without an established “BYOD policy” in place. When an employee’s smartphone is used in the business context they aren’t necessarily upheld to the same security standards as a company-issued smartphone such as having a passcode on at all times.
According to the cyber security experts at AT&T, one-third of mobile devices have a medium-to-high risk of data exposure largely due to employee behavior.
Think about it, when you download an app on your phone do you check who developed it? Do you check to see if there is a threat vector — a means for a hacker to gain access — through the application that can easily hop onto the network at the office?
Intentional risks such as downloading sensitive company data to your personal smartphone or inadvertent risks of an employee’s phone being hacked by an outsider, are risks regardless and should be considered a part of a comprehensive data security strategy.
To keep a pulse on the level of awareness your employees have when it comes to company data security protocols and policies, regularly distribute a feedback survey. This practice is a critical part of determining the effectiveness of a data security strategy especially when trying to understand how it influences employee behavior.
An effective data security strategy is one that evolves with innovation rather than being a static end-all-be-all approach.
Data security should be designed and viewed as a living, breathing, continuously evolving business strategy that protects data in all forms and at all costs.
As much as businesses thrive on the innovations of data used to drive decisions, improve products and services, and even helping up employee happiness, innovation is equally as attractive to those looking to cause harm.
And as such, a business’ data security strategy should be held to high standards, the utmost level of sophistication possible, and ready to protect data no matter what or who tries to comprise it.
Staffing a dedicated cybersecurity department, building new policies, procedures, and training, investing in technology solutions, cyber insurance, and running consistent risk assessments all are critical elements to build into your forward-thinking proactive data security strategy.