January 13, 2015

10 Surprising Ways Businesses are Increasing the Risk – and Cost – of Data Breach Incidents

Despite the increasing frequency and cost of data breaches (the average cost of a data breach today is $5.85 million), Shred-it's Security Tracker research has shown that many businesses continue to be lax about safeguarding confidential information. Here are 10 surprising ways they are actually increasing their risk and cost of data breach incidents.    

  1. Employees still throw confidential documents into the garbage can or recycle bin. Shred-it’s Information Security Infographic showed that only 32% of U.S. businesses have locked consoles in the workplace for sensitive documents, down 22% compared to the previous year. A reliable paper shredding service would provide a secure chain of custody including special locked consoles for storing confidential documents. This would reduce the risk of information getting into the hands of dumpster divers and other criminals.
  2. Some businesses have never heard of business continuity management (BCM). A business continuity plan identifies an organization's risk of exposure to internal and external threats. The 2014 Cost of Data Breach Study: Global Analysis showed that BCM can reduce the cost of a breach by an average of $8.98 per compromised record.
  3. There’s no official cyber security policy. According to Shred-it’s Security Tracker, 57% of businesses in the U.S. don’t have one. But the Cost of Data Breach Study showed that malicious and criminal attacks (including malware infection, criminal insiders, phishing/social engineering and SQL injection attacks) account for 42% of all data breaches.
  4. Document management is haphazard. Every document that contains confidential information should be tracked and secured in terms of storage, usage and disposal. Furthermore, a shred-all policy would remove the decision-making process regarding what is and isn't confidential.
  5. Hard drives are stockpiled. Shred-it’s Data Breach Infographic showed that in Canada, 25% of larger businesses have never disposed of computer hardware containing confidential information. Information security research has shown that physical hard drive destruction is the only 100% secure way to destroy data from hard drives.
  6. There’s not always front office security. Policies such as visitor sign-in, security alarms, and a Clean Desk Policy provide important physical safeguards.
  7. Employees ‘bring your own device’ with no information security protocols. Shred-it’s Security Tracker showed that 44% of small businesses in the U.S. and 26% of large ones have no protocol for dealing with confidential information off-site. Lost or stolen devices increase the cost of a data breach by $16.10 per record.
  8. A Chief Information Security Officer (CISO) is yet to be appointed. Ponemon research has shown that a CISO provides needed leadership in cyber and physical security policies and procedures, which helps reduce the cost of each record in a data breach by $6.59.
  9. There’s no incident response plan in place. A comprehensive response plan to a breach is key to containing the damage and reducing the cost.  
  10. Information security is not a company-wide priority. Research has shown that a strong security posture is associated with the greatest decrease in the cost of a data breach – $14.14 per record according to Ponemon Institute research. 

Is your organization at risk for a security breach? Take this Security Risk Assessment to identify the vulnerable areas in your security.