Have a spare $2.82 million? That’s how much you can expect to pay, on average, if your organisation falls victim to a data breach in Australia.
Poor security is one sure-fire way to send your organisation into the red – or at least to the bank manager for a loan. Research by Ponemon Institute and IBM estimates the average cost of an Australian data breach to be $2.82 million.
What’s more, this figure is expected to rise. Commenting on the findings, Ponemon Institute’s founder and chairman, Dr Larry Ponemon, said breaches are happening more often. They are also increasingly expensive to resolve.
If you’ve heard of TorrentLocker, you’ll know how destructive a corporate data breach can be. A strain of ransom ware, TorrentLocker encrypts user files and data backups, rendering information useless until the victim pays a ransom via digital currency Bitcoin.
Since 2014, TorrentLocker has affected more than 16,000 Australian businesses and individuals. The total cost to businesses, according to the Australian Cyber Security Centre’s 2015 Threat Report, is more than $8 million.
Here’s how to protect your business from increasingly clever – and costly – security threats.
Get serious about user authentication
Every organisation should have clear, defined processes for authenticating and authorising users. The type of authentication you need (i.e. two-factor, one-time password, etc.) will depend on the nature of your organisation and the type of data you handle.
At a minimum, consider protecting sensitive data with two-factor authentication and lock down roles and permissions so that users can only access data that is relevant to their day-to-day activities.
You may also like to supplement user authentication measures with extra security including SSL (secure sockets layer), custom audit trails and encryption of sensitive data like customer credit card information.
Tighten your network security
Keeping malicious activity at arm’s length can take more than firewalls and antivirus software. When it comes to protecting your networks, you may also benefit from extra security considerations including VPN (virtual private network), secure wireless and malware, phishing and intrusion prevention.
Tips for success:
-
Stay up to date with new threats as they’re discovered.
-
Make time for employees to install software upgrades and patches on all devices used for work purposes.
-
Keep firewall and antivirus software up to date.
-
Ensure employees are familiar with your acceptable use policy.
-
Teach employees how to recognise and respond to a potential data security breach.
Secure mobile devices and printers
It’s not just disgruntled former employees who want to hack into corporate networks. According to the government’s Cyber Security Review, most security breaches are conducted by organised crime gangs. Of the 92 per cent of breaches perpetrated by outsiders, former employees account for just 1 per cent.
No matter who is behind the breaches, the fact is that over 70 per cent of security threats target end users. The reason is simple: the easiest way to your organisation’s data is usually through an unsecured device like a smartphone or printer.
To keep mobile devices safe, set clear, defined processes for authorising user access on unsecured devices. Grant only necessary user permissions for corporate email, files and other sensitive data, and enable remote-wipe functionality as standard.
For printers, look for smart printing solutions that only print documents when a user is at the device. Consider monitoring sensitive documents so you always know who has accessed them, who has printed them and at which device.
Be proactive about monitoring and auditing
There’s no such thing as set and forget when it comes to online security. Real-time monitoring and regular audits are two of the most effective ways to identify threats before they occur.
By monitoring networks, applications and traffic, organisations can ensure users are only performing the activities they are authorised to perform. It is also easier to spot security shortcomings and track and stop unwanted or unauthorised activities. Industry experts recommend round-the-clock monitoring and annual audits for optimal results.
As hackers become increasingly skilled at infiltrating corporate IT, organisations must take a proactive approach to preventing, identifying and thwarting expensive data security breaches. This means staying up to date with the latest threats, following industry best practices and ensuring employees know how to spot and respond to potential threats. Taking action to resolve poor security measures now could save your organisation millions of dollars in the long run.