Cyber Security Practices to Mitigate the Risk of Data Breaches

Cyber attacks present a clear and present danger to businesses and individuals globally. Take these essential cyber security steps to protect your business  

According to the 2019 Ponemon Cost of a Data Breach Report, the average annual cost of data breaches in the US is $8.19M. The meteoric progress of technological advancements, virtual data and the internet of things has resulted in a corresponding spike in the incidence of cyber security breaches, hacks and attacks in the form of viruses, worms or other malicious software deployments. By 2021, the Herjavec Group projects $6 Trillion in annual costs worldwide as businesses and society continue on a trend towards increased technology and virtual data reliance.

The fallout from these incidents can be staggering in magnitude, particularly when the victims are corporations with large customer bases – as was the case with the following:

  • 2013: Target – 40 Million credit and debit card numbers hacked from POS system, along with 70 Million records of personal customer information
  • 2014: Yahoo – 3 Billion user passwords and usernames exposed; security questions and answers also compromised
  • 2014: eBay – 233 Million customer passwords and log-in credentials exposed
  • 2014: Home Depot – 56 Million customer credit and debit card numbers, along with e-mail addresses
  • 2014: JP Morgan Chase – 76 Million household and 7 Million business accounts compromised, including stolen contact information
  • 2017: Equifax – 145 Million customers impacted with theft of personal information and credit card information
  • 2018: Marriott – 500 Million customer records stolen, including personal and travel information
  • 2019: Citrix – Significant amounts of business information / documents potentially exposed

Despite the present and continuing threat posed by cyber attackers, businesses need not be defenseless. Proactive defensive and preventive measures can be taken to mitigate the risk. Below is a list of lessons learned from survivors of the more notorious data breaches in recent years:

  • Emphasize the importance of IT security from the Board of Directors down through the entire organization
  • Recognize the threat of malware. Educate employees and continually provide refresher courses on the reality of dangers posed by clicking on e-mail attachments/embedded links from unknown senders or sources
  • Install proactive security defenses – i.e. tools which monitor systems for evidence of attack/hack attempts
  • Implement password rules to bolster password strength
  • Clear and change passwords / logins on a regular basis
  • Ensure firewalls and anti-virus programs are up to date
  • Invest in high caliber IT Network Security Staff or Consultants
  • Employ strong internal cyber security controls and measures – e.g. limiting access to sensitive information and installing multiple levels of authentication for employees with access to sensitive data
  • Encrypt sensitive data
  • Regularly monitor user accounts to ensure validity
  • Revoke access for terminated employees and vendors immediately
  • Ensure third party partners / vendors have strong cyber security protocols in place
  • Continually review and update existing IT security processes and procedures
  • Invest in new technology / tools as needed to support revamped security protocols
  • Perform full back-ups of critical data at least on a monthly basis. Information should be encrypted and stored at a secure, off-site location
  • Schedule recurring, incremental back-ups on a weekly basis
  • Invest in a Cyber security Insurance partner
  • Draw up a robust crisis and incident management plan