Wednesday, March 9, 2016

Enterprises Need To Protect Customer Data


While I have been working in the cybersecurity industry for slightly over six months now, I recently read a CMSWire article from David Roe that still managed to surprise me a little. The article stated new research from the AIIM (Association of Information and Image Management) indicated that 26 percent of organizations have lost customer data in the past year – and those are the ones that know about it.

Think about that for a second. Of all the companies out there that you do business with – the ones that have your name, your address, your phone number, maybe even a credit card number, or worse yet, your social security number – one in four of them knows for certain customer data in their possession has been compromised. Factor in those companies that don’t know but have already been compromised as well, and it paints an even scarier picture for us as consumers.

And if this statistic hasn’t floored you yet, let me share another sentence from Roe’s article: More than 36 percent of small organizations, 43 percent of mid-sized and 52 percent of large organizations have reported data breaches in the past 12 months.

See how this situation just got even worse? Which is more likely to have your credit card number or your social security number, the small organization or the large organization?

And to top it off, according to additional research from AIIM, not only are data breaches increasing with each passing year, they actually still remain nothing more than an abstract discussion point in most enterprises, according to Roe’s article. It seems that while organizations may care about security, their lack of understanding about what to do about it has them focusing on other things like theft by internal staff and proper disposal of obsolete electronics.

So, if I don’t have you scared enough about your personal information as it sits in the hands of the companies you do business with, let me share two more statistics from Roe’s article – only 13% of the organizations surveyed suffered data breaches because of straightforward external hacks, while 28% of data loss was due to staff negligence.

And what does the cybersecurity industry consider staff negligence? Well, while this can include things like leaving your laptop at a Starbucks while your operating system is unlocked or losing an external hard drive with customer information on it, most negligence constitutes employees clicking on something they shouldn’t have in an email they have received. Each of us can relate, as I am sure we have all ended up with a virus that either forced us to roll back our operating system to its last update or bogged our computer down so badly that we had to re-image our hard drive. But imagine that you made this little mistake at work and instead of it planting a virus, you were taken to what you thought was a company login page and typed in your corporate ID and password. Seem like something you’d never accidentally do? Well, good for you, but apparently 28% of people out there are still doing it.

While Roe wraps up his article by calling upon enterprises to train their staff to better spot these types of false login page phishing attacks and to make their employees more aware of potential threats like these, I am going to wrap up my article in a slightly different manner. Why? Because I believe that no matter how well you train your staff, and no matter how careful they are, there is still a chance they will accidentally end up on a fake login page and provide credentials to the bad guys. You can’t tell me that you don’t find yourself making little mistakes here and there when you’re tired at the end of a long day, or rushing to get something done. It happens to the best of us, and all the security training in the world isn’t going to fix that.

What will fix it, however, are cybersecurity solutions that take the human factor out of the equation. Still train your staff on security best practices and how to spot phishing campaigns that are seeking to steal their login information, but back that up with an anti-malware solution that pre-scans every file on every endpoint before it executes and quarantines the files and user actions that seem suspicious.

It is time for enterprises to secure all of their systems and every endpoint from the little human mistakes everyone on their team is going to make from time to time by seeking out an anti-malware solution that actually stops these attacks before they can occur.

Photo by Michal Jarmoluk via Pixabay 
