December 04, 2014

How to Reduce the Risk of a Data Breach Over the Holidays

Everyone’s starting to plan for the holidays, and for business leaders that means reviewing their list of information security strategies and checking it twice.  

The winter holidays are a particularly vulnerable time in the workplace. Employees can be distracted by the fun of the holiday season, and there’s often just a skeleton staff as many workers take time off.

Information thieves, on the other hand, never let up – several Ponemon studies have shown that the frequency and cost of a data breach continue to increase every year.

In the 2nd Annual Study on Data Breach Preparedness, 60% of companies had more than one breach in 2014 compared to 52% in 2013. 

The average cost of a data breach was $3.5 million, which is 15% more than what it cost last year, according to the 2014 Cost of Data Breach Study: Global Analysis.

The 2013 eCommerce Cyber Crime Report showed that just one hour of downtime caused by a cyber attack during a busy shopping day can mean an average loss of almost $500,000.

Here are some workplace strategies that can help protect confidential information at this time of year:   

Appoint a CISO: Research has shown that companies simply manage better when a Chief Information Security Officer is responsible for cyber and physical security policies and procedures. Responsibilities can extend from creating a corporate culture of security to tracking and monitoring security threats.

Data Loss Protection: An internet security policy should cover threat management across PC, mobile and social media activity (which can increase during holidays) and utilize the latest and best data loss protection. For small businesses, there are cost effective and reputable anti virus protection, anti spyware, and anti spam software. 

Hiring Policies: If your business hires seasonal help, an employee background check is recommended by the experts.

Restrict Access: Give (all) employees access only to the areas and the confidential data, in electronic and paper form, that are related to their responsibilities. When taking time off – and taking work with them – employees should remove only the confidential information they need to do their jobs.

Online Training: It’s tough to veto holiday shopping online – training should underline all the security risks and precautionary behaviour. For example, keep firewalls up, use encryption and password protection, and only use secure, known networks.   

Educate Staff on the Latest Internet Scams: Top holiday scams are published by various companies. For example, McAfee for Business provides a list of the top 12 privacy scams including phony shipping notifications, deceptive advertising with dangerous links and charities that don’t exist.

BYOD Policy: There should be a strict Bring Your Own Device security policy that specifies both data loss prevention as well as physical protection of all devices. Employees should take extra precautions when taking their electronic devices along for the holidays.

Physical Safeguards: Implement a Clean Desk Policy with computers locked down and turned off after hours. The National Federation of Independent Business recommends security alarms, quality locks, and other security measures. 

Work with Trusted Partners:  Are you partnering with companies that are equally committed to information security? Continue regularly scheduled services such as secure document shredding through the holidays as well. 

Download this ‘Small Actions for Big Wins’ checklist of commonly overlooked information security practices that can help small businesses reduce their risk for a data breach all year around.