According to IBM’s 2021 Cost of a Data Breach Report, the average cost of a data breach this year was $4.24 million, 38 percent of which was due to lost business: reduced revenue, system crashes, and damaged reputation.
While we traditionally look to our IT departments to manage security programs, provide employee training, and implement policies to keep us and our data safe, this simply isn’t enough.
There is an old saying: “You are either hacked or you are going to be hacked or you are currently being hacked”.
This does not necessarily mean that a data breach is inevitable, but we should not think of a data breach as unlikely. Our approach to data security must include not only IT safeguards, but also business continuity planning, incident response planning and crisis communications planning. It’s time to shift our thinking from simply preventing data breaches to minimizing damage when they occur.
The best way to mitigate the impact of a data breach is to create a culture in the workplace where it is natural for employees to think about data security, and this initiative should be management-led and involve human resources, operations and communications, working hand in hand with IT.
Even a small business, without a lot of security tools, can help itself in this way. Most of the time, it’s not the fact that a company has been hacked that causes the biggest problems, but rather what the hackers find.
Here are some steps you can take right away to help yourself and your organization:
1. Know what information you have and where. When a data breach occurs, the first thing everyone wants to know is what was stolen. Depending on the type of breach, it may take weeks or even months to verify that information. Do you know what documents are in your temporary folders? How long do emails stay in the deleted folder? Make sure to organize your information now to prevent hassles later.
2. Delete what you don’t need. According to the IBM report, customer personally identifiable information (PII) was involved in 44% of breaches this year and cost an average of $180 per lost or stolen record. You probably don’t need all those personal details from that customer who bought something from you five years ago. Create a company retention policy and go through your files regularly to delete or archive what you don’t need.
3. Operate on a need-to-know basis. We’ve all overused the CC function when sending an email, but this creates multiple copies of the same information, which is now in multiple email inboxes and on multiple computers. Before you send that email, give someone permission to view that document, or add someone to that shared folder, make sure they absolutely need that level of access.
4. Be alert after leaving the office. The best way to stay in this safety mindset is to practice it all the time. The tips and tools you use at work can also be used at home. If you think about securing your personal data the same way you handle corporate data, it becomes second nature.
Every workplace has a culture shaped by a shared mission, vision, goals and values.
As the potentially massive impact of a data breach will be felt at every level across the entire organization, the responsibility to foster a data security culture must be shared by all.
Cultural shifts are not easy, but they are worth it.
Casey Self, APR, is a strategic communications consultant who helps organizations prepare for and respond to data breaches. She can be reached at firstname.lastname@example.org.