Most businesses, large or small, are aware of the threats to their data security, whether from viruses, hackers or their own internal employees. Although the direct cost associated with responding to a breach can be staggering, a recent study found that the biggest financial consequence to organizations that experience a data breach is actually lost business.
The 2022 Cost of Data Breach Study showed that the average cost for a data breach in the United States is $9.44 million.
The top causes of data breaches have remained the same for several years: criminal and malicious attacks that take time to detect and contain.
Consider these simple practices to help protect your sensitive data:
- Keep sensitive data out of unauthorized reach – Put away files to keep sensitive information away from bystanders and other prying eyes at the office or in public areas where you may be working. Be alert to who could be looking at your computer screen or work materials. Don’t leave sensitive data unattended, even for a short time. Use an anti-glare privacy filter to limit others’ view of your computer screen.
- Lock up sensitive data – Lock cabinets, file rooms or other areas that store files containing private data about customers, clients, patients, accounts and employees. Require employees to lock their computer screens when they leave their desks.
- Restrict access to data – Allow access only to those who have a need to know sensitive information, whether physical or electronic. Put written procedures in place defining who has access to restricted information.
- Determine what information is necessary – Collect and keep only the data that is absolutely necessary to conduct business. Collecting excessive personal information, such as Social Security numbers you do not need, can be more of a liability than an asset.
And for dealing with technology:
- Limit the use of portable technology – Restrict the transfer of sensitive information from on-premises computers to portable devices, such as cell phones, laptops and USB flash drives. If it is necessary to put confidential data on these devices, make sure information is encrypted and password-protected.
- Use password protection and encryption – Always encrypt sensitive information. Inexpensive or even free encryption technologies are readily available.
- Install anti-virus, anti-spyware and firewalls – Run all systems with the most recent enterprise-level anti-virus, anti-spyware and anti-malware applications. Use firewalls to control access to the Internet and to lock out hackers.
- Properly dispose of technology hardware – Implement policies on how to securely destroy old computers, disks, tapes, copy machines, fax machines, printers, scanners, CDs, memory devices and other equipment that may contain sensitive information.
This loss control information is advisory only. The author assumes no responsibility for management or control of loss control activities. Not all exposures are identified in this article.