August 06, 2015
Misinformation about data breaches may be confusing consumers and businesses about their responsibility to protect confidential information.
Here are 7 common myths about data breaches – and the data breach facts.
Any organization with employees, business contacts and customers creates or collects sensitive data that information thieves want. Privacy laws and legislation require companies to protect this information.
The large retailer breaches get all the headlines but smaller businesses are targeted too. A recent blog cited a 2013 Ponemon survey that showed 55% of small businesses in the U.S. had experienced a data breach.
Everyone in the transaction-processing system can be affected. For example, a 2014 Stax survey showed that nearly half of consumers blamed the retailer and the bank after a consumer data breach. Plus, 43% stopped using a particular payment account after the breach.
Healthcare data breaches are actually the most expensive, according to the 2015 Cost of Data Breach Study: Global Analysis. The average cost of a healthcare breach is $363 per compromised record compared to $154 across all industries. At the same time, retail's average cost is $165 (although that’s a significant increase compared to $105 last year).
Identity Theft Resource Center data showed that 42% of U.S. breaches in 2014 occurred in the health care sector. That statistic is 10% higher than all business-category breaches.
The Global State of Information Security Survey 2015 showed that information security spending is not keeping up with increases in security incidents. Investments in information security budgets declined 4% in 2014 compared to 2013. Small businesses in particular are at risk. The Shred-it 2015 Security Tracker showed they are much less likely than larger organizations to have a cyber-security policy.
Anti-virus software, encryption, firewalls, etc., are critical but “we cannot fix this with technology alone,” said Arun Vishwanath, an online security and cyber behavior expert, in a University of Buffalo post.
“It is people who are letting these guys in.”
Attacks often start with emails containing malware in hyperlinks and attachments. When the link or attachment is opened, the hacker gets in. Security awareness training should include how to spot suspicious scams.
Non-digital breaches are still a problem, according to a recent Journal of the American Medical Association (JAMA) study. Paper breaches accounted for 9% of compromised records in the first half of 2014 and 31% in the second half – in total, over 250,000 paper records and pieces of identifiable health information. Physical safeguards such as visitor sign-in, a Shred-all Policy, and a Clean Desk Policy are most important.