How to avoid data breaches

Mistakes cost big money.

A data breach can be a costly situation – and not just in terms of the data lost. It can literally lose companies money – the average cost of a data breach has risen 130% in the last 14 years to reach $8.2 million, according to research by IBM. But it’s not just the monetary loss, not the value of the precious data that disappears that you have to take account of. 

There’s also the impact on a company’s reputation for misplacing, losing, or having data stolen from them, and the loss of confidence that it can instill in customers. People who might otherwise have been fiercely loyal to a particular company could soon turn sour when confronted with the reality that the organization they trusted to keep their most precious information safe didn’t do so.

So how can you avoid being one of those companies, and making sure that a data breach doesn’t occur? It’s never a foolproof plan, and breaches can happen any time – and aren’t necessarily anyone’s fault. But here’s what you should keep in mind to mitigate the risk of it happening.

It’s not always hackers

Many people assume that every single data breach is the result of an unwanted incursion by a black hat hacker into a system, designed to steal away precious data cargo. But sometimes it isn’t: it can happen within organizations too.

Whether it’s deliberate or not, sometimes data gets misplaced.

Employees can accidentally send data that isn’t meant to leave the organization to a third party, while the insider threat of someone with a plan and a way to gain vengeance on a company is just as likely. For that reason, it’s vital that companies keep track of who has access to what, and when. 

You should also control the way that data can be accessed. It’s easier to lose a cell phone containing precious data than it is a laptop, and USB memory sticks can disappear behind the backs of sofas, between train tracks, and out of pockets. Making sure there are strict limits on how people can take the most precious data and then transfer that physically is important.

Keeping your defenses secure

Of course, the majority of data breaches aren’t accidental. Hackers know the value of data that companies hold, and they’re keen to take advantage of that for their own goals. So it’s important that companies and their employees are aware of the different vectors that hackers use to access data and steal it away.

Most commonly, hackers will find a way into companies’ systems by phishing – social engineering attacks designed to trick workers into inputting personal data or installing software that can then be used to take away data without anyone noticing. 

Being aware of the risk and being suspicious of any unusual activity is important.

Some hackers prefer to force their way in, using brute force attacks by simply guessing at passwords to protected systems until they chance upon the right combination. This method is used less commonly because of the time and computing effort it takes – plus the increased likelihood of getting caught – but it can still happen.

Protecting yourself through common sense

The most obvious advice to stop brute force attacks is to not use the same old passwords for private, secure systems. Make it difficult to guess, and the hackers won’t be able to finagle their way into systems. But that’s not the only way people gain entry.

It’s also possible to exploit gaps in operating systems and software by using carefully targeted malware. This can include spyware, which logs keystrokes and therefore takes all the guesswork out of obtaining passwords. For that reason, it’s vital that you regularly scan systems for unusual software and keep things up to date when it comes to operating systems.

Stopping data breaches is difficult because accidents happen – and there are plenty of bad guys out there. But you can reduce the likelihood of them happening by following good practice that makes the chance of it happening smaller.