Don't let your firm be the next big data breach headline
“We’re no longer in a situation where it’s a case of ‘if I am going to get breached’. It’s more a case of how often you are going to get breached and how long those people are going to be in for.”
These are the sobering words of cyber forensics professor Dr David Day. His words are all the more concerning when you consider the effects that cyber-attacks have on a company. The US National Cyber Security Alliance found that 60% of SMEs are unable to sustain their business within six months of a cyber-attack. Imagine, after all the years of hard work that it has taken to progress your business, it is defunct overnight.
It is extremely important, therefore, to ensure your data security is as strong as you can possibly make it. This article will outline some of the main causes of data breaches, and how you can protect yourself.
Some real-life examples
TalkTalk, the telecoms company, was hit by a cyber-attack in October 2015. The result was 157,000 customers having their personal details stolen – 15,656 of these customers had bank account numbers and sort codes stolen. The hack was widely publicised in the media and TalkTalk lost around 100,000 customers in the months immediately following the hack.
The hack is estimated to have cost TalkTalk £35m in one-off costs (such as calls into call centres and additional IT and technology costs). When you factor in the costs of lost revenue, the damage is closer to £80m.
Then there’s the well-known story of Ashley Madison. A group of hackers acting as internet vigilantes hacked the website and stole the personal details of 32 million account holders. What made this hack all the more troubling is that Ashley Madison offered to fully remove user data from their servers for a one-time payment. It became clear that this was a lie when the email addresses of people who had paid to be removed turned up in the hack.
Users whose details were leaked are filing a $567 million class-action lawsuit against the parent company of Ashley Madison. The brand of Ashley Madison is now irreparably damaged. There have also been reports of a number of suicides linked to the hack.
But my company is too small to be targeted by hackers…
Understandable logic, but consider the following facts:
- A PwC survey found that 63 percent of small businesses were attacked by an outsider in 2013
- 57 percent of respondents to this same survey had suffered from staff-related security breaches
- IBM’s “2014 Cyber Security Intelligence Index” found that 95 percent of all security incidents involve human error. Human error can occur in businesses of all sizes, and is often painfully easy to guard against
Is burying your head in the sand really an effective protection?
Practical ways to avoid getting into trouble
Perhaps the best way to identify basic ways to protect yourself is to take a look at some of the common ways human error causes data breaches.
- 61% of staff use file sharing tools or don’t delete sensitive data
- 26% of incidents involve sending sensitive data to the wrong person
- 30% of staff click on “phishing” messages
- 12% will click on malicious email attachments
Microsoft report that 7.52% of all workstations used for web browsing remain on Windows XP and 600,000 internet-connected computers run Server 2003. Support for Windows XP was ended by Microsoft in 2014 – meaning that for two years all XP machines have been vulnerable to data breaches. If you’re currently sitting, red-faced, in front of your Windows XP computer – it’s time to upgrade.
Furthermore, every year a list of the most popular passwords is released. This year (2016), the top 5 were as follows:
So, based on the above facts, how can you be proactive about guarding against data breaches?
- Reduce transfer of data – removable storage devices should be banned outright or at least banned from transferring particularly sensitive data
- Educate your staff on how to look for phishing emails, and remind them to check the email addresses they receive their mail from
- Remind staff to change their passwords regularly and ensure that they are hard to guess – preferably, insist they include at least one number and one capital letter
- Shred files – shred all sensitive files and documents once they are used
But how can you go one step further?
Whilst it is important to plug the basic holes in security, you may wish to improve your security beyond the basic level. But if you aren’t an IT expert, how can you possibly do that?
Is it time to outsource your IT for a cloud solution?
By a cloud IT solution, I am not referring to consumer cloud products such as Dropbox and iCloud. Because they are consumer products, they do not require the same security measures that a B2B solution does. I’m referring to a secure cloud solution from a provider who makes security their top priority.
Ponder the fact that for many managing directors, IT is not their speciality. Indeed, nor is it their interest. Is updating the latest security patches on your company server likely to be high on your list of priorities? Are you likely to be constantly monitoring your server to ensure data isn’t being taken and that there are no malicious files lurking within it?
In contrast, for a cloud IT company, security is a top priority. They will be constantly monitoring their servers and they will be constantly keeping their patches up to date.
What you’re looking for
If you want confidence that your data is in safe hands, you’re looking for an IT company that can boast the following:
- ISO27001 certified – this is the industry standard of data security and is updated every year. A company with this certification has had to prove they deserve it every year they’ve had it
- Disaster Recovery/Failover built in to their systems
- At least two datacentres available to each customer for failover options
- Redundant/Resilient power and internet supplies at each datacentre
- 2 Factor Authentication options for accessing data
- Logical and physical segregation of customer applications, configuration and data
Accept nothing less.
By implementing the measures I have discussed so far, you can give your business the upper hand in the ongoing battle against hackers, and ensure that it is not your name in the next headlines.