We all know that keeping data secure is important. To be careless is to put all your sensitive company and personal information up for grabs, making your business vulnerable to data breaches and putting you and your employees at risk for identity theft. And yet, a relaxed approach to data security is all too common.
How relaxed? Here’s a snapshot of notable data breaches in 2023:
- The social media site Reddit was the victim of an intricate phishing attack. The campaign targeted Reddit employees with emails directing them to a website that cloned the company's intranet gateway in an attempt to steal credentials and two-factor authentication tokens.
- Job candidates at American and Southwest Airlines had their data stolen after a data breach at the airlines’ recruitment software company. Hackers obtained the names, social security numbers, passport numbers, dates of birth, and driver's license numbers of those who applied for airline jobs.
According to the data security company Kaspersky, the most common cause of company data breaches isn't hoodie-wearing hackers. It's a little thing called employee error.
Employee error can include things such as:
- Weak passwords
- Unintentional leaks
- Falling for phishing scams
- Lost or stolen laptops, tablets, or cell phones
- Improper storing or disposal of confidential paperwork
That's a lot of error, a lot of compromised information, and a whole lot of risk.
Human error, weak passwords, and lax security practices can have huge financial consequences for businesses. And while the actual cost associated with data breaches varies by industry and the number of stolen or compromised records, one thing remains clear: data breaches are expensive.
An IBM study found that the average cost of a data breach is – brace yourself – almost 5 million dollars.
Meanwhile, post-breach damage control adds more time and resources to the loss column. And recovering from negative press and the loss of client trust can be a serious uphill battle.
Let's talk about passwords
Ever created a weak password with the intent of going back and changing it later? What about using the same password for all your accounts? Or sharing passwords with family, friends, or coworkers?
Think you're being clever by using seemingly random keyboard combos as your actual password? So does everybody else.
According to a 2023 study by NordPass, "123456" is the most popular password out there (used by 4.5 million people), with the second being "admin" and the third being "12345678." Other combinations such as "password," "1234," and "qwerty" also ended up on the list.
It's understandable. People are becoming increasingly frustrated by the ridiculous number of passwords and PIN codes necessary to navigate everyday life. But poor password hygiene is risky. The NordPass study also mentioned that of the most common passwords, 17 can be cracked in less than a second.
And speaking of stolen…
Let's talk about our devices: laptops, tablets, cell phones. Pretty much everyone uses them for work. But how secure are they? And how often do they disappear?
CCB Technology found that a lost or stolen device causes 60% of all data breaches. Think it won't happen to you? Think again. Here are some troubling statistics:
- Around 70 million smartphones are lost yearly.
- Over 2 million laptops are stolen every year in the U.S.
- 74% of laptop thefts occur in public places or during travel.
- A laptop is stolen every 53 seconds in the U.S.
- 20% of laptop thefts are due to a lack of physical security precautions.
- 40% of data breaches happen when laptops are stolen from company offices.
- Over 97% of stolen laptops are never recovered.
But it's not all about electronics. Confidential data can also be stolen right from your computer screen. A study by Ponemon, in conjunction with IBM, showed that visual hacking (obtaining information through simple, visual means) is on the rise, with 55% of business managers showing no concerns (!) and taking no steps to prevent prying eyes from viewing their sensitive and personal information on their screens.
Here’s what you can do to enhance your security
Your IT department may be knowledgeable about these issues, but do your employees know the risks associated with lax data security practices? If you don't tell them, you can't be surprised when they don't know.
- Create a culture of security.
- Teach your staff how to create good passwords, spot suspicious emails, and secure electronic and hard copies of data.
- Train from the top down, and do it often.
Technology changes quickly, so this isn't a one-and-done adventure. Commit to keeping everyone up to date.
Telling the team isn't enough. Take the time to properly document and enforce your security policies.
- How is data to be handled, stored, and disposed of?
- Where is information kept, and who has access to what pieces?
- Be clear about permissions and err on the side of caution.
Consider implementing an on-site visitor policy so you know who is coming and going and a clean desk policy to help keep sensitive data out of plain sight.
Technology is a double-edged sword. Make sure it's working for you and not against you. Many tech solutions are out there to help you thwart potential technology mishaps.
- Keep your software updated.
- Use spam protection and email filters.
- Enforce a secure password-sharing app for all company accounts.
- Consider using two-factor authentication (2FA).
Don't let data security be something you learn about after the fact. Start with the small stuff (new password, anyone?) and work your way up to the bigger stuff.