Are You Inoculated for Data Breaches?

Are You Inoculated for Data Breaches?

Media love to report on epic scale cyber attacks. The story of a well-known company losing tons of sensitive data to criminals guarantees a stream of clicks. Fear sells.

A recent case-in-point was when news circulated that 68 million user credentials for popular file-sharing platform Dropbox may have been exposed in a cyber attack that happened four years earlier.

Scary, but so far, the breach has not led to unauthorized access of any user’s personal data. The company added a layer of protection by prompting users to change their passwords, while the use of encryption has made decoding even stolen passwords a difficult feat of reverse engineering.

This isn’t at all to say critical IT security risks do not exist. If anything, data mishaps and attacks happen everywhere, all the time, and with a frequency that continues to rise annually. What companies tend to forget, however, is that the threat comes from within the organisation more than without, and keeping information safe starts with basic security hygiene.

Hygiene begins at home. According to an IBM report, 60% of all security incidents reported in 2015 were from an employee, contractor or third-party partner with access to company IT, data or hard-copied information. What’s more, one third of these incidents were not malevolent, but typically something like an employee opening a malware-laden email attachment or falling prey to a phishing scam.

The IBM report concludes that businesses could dramatically reduce incidents by educating employees and enforcing policy. But it seems businesses have other priorities, as a survey of European and US companiessuggests. Nearly half of end user respondents said their organisations would accept more data risk to improve productivity.

“At a time when one would expect general improvement in end-user hygiene due to increased awareness of cyber-attacks and security breaches, this survey instead found an alarming decline in both practices and attitudes,” a study author said, according to SC Magazine. “If an organisation’s leadership does not make data protection a priority, it will continue to be an uphill battle to ensure end users’ compliance with information security policies and procedures.”

In the supply chain, the fact that customer credit card and banking information changes hands has made the retail sector a prime target of outside attacks. But for the most part, wholesalers and retailers will find themselves in the same boat as any organisation that rely on connected IT systems (with the added potential access point target of a POS).

Given the surprising prevalence of inadvertent data breaches, basic security hygiene must start with establishing and communicating to staff best practices to avoid mistakes (such as entering passwords in a phishing email) and ensuring passwords to all systems are sufficiently randomised to make decoding difficult.

That’s the least you should do. Beyond that, a retail or wholesale organisation must know its supply chain well enough to recognise potential points where data can be stolen or mindlessly given away (networked computers, data links to trading partners, POS systems, eCommerce) and ensure the necessary firewalls, encryption and other security efforts are sufficient to protect their business.

Cin7 stores information on a secure server behind secure firewalls, and does not store any credit cardinformation. Find out how Cin7 works by signing up for a free demo here.