A data breach will cost a business $4 million on average, according to a 2016 study from IBM. Large organizations have more to lose; Yahoo’s sale price was reduced by $350 million after being hit by the largest breach in history.
US companies are now scrambling to meet the stringent data privacy rules required by the EU General Data Protection Regulation (GDPR) when it is introduced in 2018. Businesses that fail to comply with GDPR’s broad rules will face a potentially massive fine: four percent of global revenue, which could equal tens of millions of dollars.
There may never be a better case for US companies to fortify their cyber security. Security has jumped to the top of manufacturers’ priorities but barely half of IT professionals are confident in the security of their supply chain.
If your company stores personal data about customers and vendors, even a minor security breach could seriously damage your company’s reputation and cause millions in damages. And with GDPR on the horizon, what can businesses do to protect themselves?
Secure your network Your company network is the gateway to your sensitive data and cyber criminals are experts at infiltrating them.
Symantec lists the top four means of hacker incursion into your company’s network as exploiting system vulnerabilities, default password violations, targeted malware attacks and SQL injections.
“Often these attacks are successful because criminals discover vulnerabilities in the network that the business is unaware of…Attackers can be inside an organization for months, even years, monitoring and exfiltrating the data,” said Paul Fisher, research director for cyber at Pierre Audoin Consultants (PAC).
To prevent these incursions, you’ll need to employ a variety of solutions to shut down potential vulnerability. Even the most basic protection will discourage many hackers.
Tighten your network security by implementing strong passwords and ensuring these are never written down or stored without encryption. Logins to your systems should also be set to expire after a period of inactivity.
Limiting company admin privileges, like the number of people with admin accounts, will reduce the opportunities for intruders to gain access to them. An intruder with admin account access could wreak havoc on your systems by leaking or manipulating your sensitive data at will.
Some networking solutions also provide tools for tracking and visualizing users across your network, allowing your IT team to identify and react to suspicious activity in real-time.
Encrypt your data But security doesn’t end at your network and concentrating resources on defending your perimeter will not suffice. Businesses must also now accurately identify and protect their information, wherever it is stored.
By enforcing data protection policies across servers, networks and endpoints throughout your business, you can reduce the risk of a data breach.
Data encryption is one of the most popular and effective security methods, but it’s often ignored. 60 percent of businesses that lost information as a result of a data breach had not encrypted their data, the Ponemon Institute recently discovered.
To reduce the likelihood of a breach, and to reduce your company’s liability if one does occur, it’s crucial to encrypt your files.
