With the increasing popularity of smartphones, online transactions, and social media, the amount of data that gets collected and stored each day is truly astounding. It is estimated that 2.5 quintillion bytes of data are created each day as of 2018 – a number that is tough to fathom and only predicted to increase. While hackers are seizing on the opportunity to exploit this influx of data, data security is struggling to keep up. Personal data, company data, and even government and infrastructure data are all vulnerable to breaches.
The most recent estimate from whitehouse.gov puts the cost of malicious cyber activity to the U.S. economy between $57 billion and $109 billion in 2016. In 2017 alone, the Identity Theft Research Center reported 1,339 cases of data breaches in which consumers’ personal data was jeopardized. Some high-profile cases from the past decade include:
Beyond the hit to the stock price and reputation of these entities, Wall Street has certainly taken notice. The main cybersecurity ETF (HACK) has increased by nearly 40% since its inception in 2015. Business Insider Intelligence estimates $655 billion will be spent on cybersecurity between 2018 and 2020. With so many affected people and companies, governments are now beginning to take action on data security as well.
GDPR is the European Union’s answer to data privacy regulation. Enacted in May 2018, the aim of GDPR is to protect EU citizens from data breaches. GDPR hopes to succeed by enacting the following key components:
If the U.S. had taken data security this seriously years ago, a lot of the major hacks previously discussed (and others) could have been limited or prevented entirely. Facebook CEO Mark Zuckerberg, who has recently come under fire for data security, said, “I think the GDPR in general is going to be a very positive step for the internet.” GDPR compliance may cause some short-term headaches for CIOs and their IT departments, but it is generally viewed as a positive step forward for privacy and data security.
The U.S. does not currently have plans to implement similar regulations. Outside of some financial and health care regulations, data security is in large part left up to individual companies. Many companies meet bare minimum security requirements and apply band-aids after the fact in the event of a security breach. Customers in the U.S. still expect their data to be protected, so companies should make data security a top priority before, during, and after the implementation of any system or procedure.
To prevent data breaches entirely is very difficult, but following these practices will help minimize risk and vulnerabilities:
In the Anthem hack, all it took was one employee from a subsidiary to open a phishing email that granted hackers access to the entire data warehouse. Proper training on how to spot phishing emails could have potentially prevented this.
The never-ending fight to keep data safe can feel like an arms race against hackers. A new security patch is created, and then new malware is created to exploit it. There is no easy way to win this battle, but implementing the procedures highlighted in this post will greatly reduce the potential for data breaches. Data security ultimately falls on the shoulders of individual employees, and it is up to all of us to be educated and proactive in the fight for privacy.