Best Practices for Protecting Customer Data from Cyberattacks
The Rise of the Internet of Things and Cyberattacks
Have you heard of the Internet of Things? If not, it’s a vast and growing network of digital devices and their related technologies, such as WiFi and online portals, that share data through the internet.
Consumers will use an estimated 6.4 billion connected “things” in 2016. That’s 30 percent more than last year-and the number is expected to climb to 20.8 billion by 2020. All of these “things” represent potential weak spots in a company’s data security.
And as the Internet of Things has grown, so have cyberattacks. The number of attacks has escalated by 176 percent in the past five years, and more than eight in 10 organizations say they’ve experienced data breaches.
The cost of each data breach is increasing too. One study found that the average total cost grew 23 percent over the past two years to $3.79 million. Businesses that suffer a breach must pay, on average, $154 per lost or stolen record – a six percent increase from 2014.
When you consider that the average incident involves 28,070 compromised records, those costs add up fast.
It’s not just a problem for large corporations, either. Small and medium-size businesses are also at risk. In the digital age, it’s not so much about the size of a company’s revenue or payroll as it is about the amount and sensitivity of customer data they collect.
How to Protect Your Customers’ Data
As a result, 61 percent of data breaches are ultimately committed by employees; around 36 percent stem from employee mistakes, while another 25 percent are initiated by malicious insiders.
Employee error aside, outside hackers still pose a significant threat to businesses. It’s up to leaders to prioritize creating secure information systems for their customers. Despite the immediate threat posed both by employees and cybercriminals, more than a third of IT professionals say data privacy isn’t even on their executives’ radar.
To help prevent data breaches, companies should:
1. Train employees on data privacy.
2. Limit data access.
The less customer data employees have access too, the fewer opportunities there are for a data breach (intentional or otherwise). By setting up multiple levels of user access within your company, you can limit employees to only the information they need to do their jobs effectively.
3. Protect employee mobile devices.
Nearly a third of U.S. employees store corporate data on their personal smartphones, and more than 70 percent of IT decision makers consider mobile devices to be a major security risk for businesses. To manage mobile-related risks companies can use remote wiping capability as a key tool. Additionally, businesses can require employees to notify the company if a device is lost or stolen.
4. Use data loss prevention (DLP) tools.
A DLP platform offers a heightened ability to monitor and track data. It also allows business leaders to automate and enforce policies regarding how customer data is used and transferred. For example, the software can block any files containing a Social Security number from being sent outside the company. While DLP technologies are typically recommended for larger businesses, they’re also helpful for smaller companies with big data privacy needs.
5. Obtain a data security audit from a third party.
A security audit performed by an outside party can provide an objective review of your data privacy infrastructure as well as recommendations for bulletproofing your information security system.
With several high profile corporate data breaches in the not-too-distant past, customer data security is a major issue for many businesses-and it’s only going to continue to grow. Companies that are proactive about protecting their customers’ information will have the advantage as information privacy demands continue to grow.