It’s coming from inside the house.
Or in this case, inside your company.
When it comes to data breaches, we often focus our attention on dangers coming at us from outsiders who wish to take our customer data, intellectual property, financial reports, and other vital company information and either hold it for ransom or leak it publicly.
That’s a legitimate concern. The average cost of a data breach among companies surveyed reached $4.24 million per incident in 2021, the highest in 17 years, according to a 2021 report from IBM and the Ponemon Institute. And while the number of publicly reported data breaches in the U.S. did decrease 9 percent in Q3 2021 compared to the same period in 2020 (446 this year compared with 491 last year), the U.S. had already exceeded 2020’s total breach numbers by the end of September (1,291 breaches as of September 30, 2021, compared to 1,108 in all of 2020). That’s up 17 percent – a big deal.
But those breaches aren’t solely the work of nefarious data-grabbers from outside your organization. At least one in three reported data breaches involves an insider, according to a recent study conducted by Aberdeen. That same report found that data breaches from insiders can cost as much as 20 percent of annual revenue. (Read the full report.)
But before we start tossing suspicious glances at every member of our dedicated teams, know this: 78 percent of those insider breaches are unintentional. Yes, there are cases where employees purposely leak company information for a variety of reasons (read about 17 Real Examples of Insider Threats), but the bulk of them are inadvertent.
Those breaches are largely due to compromised credentials and poor file management (the latter a risk that increased greatly when large numbers of employees began working from home at the start of the pandemic).
Many companies don’t have a reliable method of tracking file movements due to a lack of tools or security protocols. Files are moved around on unsecured machines or platforms, resulting in enormous vulnerabilities.
Credentials are also compromised in a multitude of ways. Reusing passwords on multiple platforms or using easy-to-guess credentials paves the way for hackers to access company files. Falling victim to phishing attempts puts companies at risk, too. All it takes is one unsuspecting team member to click on a link in a phishing email, and suddenly your data is exposed. (Learn Tips to Spot and Avoid Phishing Attacks in our blog.)
To ensure your critical company files are secure and prevent a future breach – unintentional or otherwise – here are some tips:
Regular Risk Assessments
Know where your vital files reside, who has access, and all the threats your systems face – internal and external.
Monitor and Control Remote Access
This is especially important for teams that work remotely.
Implement Security Software
Develop and enforce clear policies and protocols related to company credentials and file access.
This should include policies on file use, account management, and passwords.
Educate Your Team on How To Spot Phishing Attempts
Ensure every member of your team knows what to look for and how to respond to suspicious emails (such as alerting the IT department).
Identify and Respond to Suspicious Activity
Secure Backup and Disaster Recovery Plans
Back up fully and frequently, and have a well-mapped-out disaster recovery plan that can be implemented quickly.
If you have any questions about your company’s cyber security, please reach out. We would be more than happy to help.
Tips to Spot and Avoid Phishing Attacks
Get Ahead of a Hack: Why Cybersecurity Matters for Every Business
IBM Report: Cost of a Data Breach Hits Record High During Pandemic