All businesses like to keep a handle on their costs. You create budgets and hope that you’ll stick to them. But it’s impossible to account for every eventuality, and one thing that companies are rarely prepared for is a significant systems breach. We’re talking lost customer files, hacked payment records and accounts, and exposed trade secrets.
If that sounds pretty scary to you, you haven’t heard anything yet. Just take a look at these numbers.
The average cost of a data breach in 2019 has reached almost $4 million and each event now leaks an average of just over 25,000 data files into criminal hands. It’s no wonder business data security is a hot topic in meeting rooms the world over.
At GeekTek, we believe that knowledge is power. So, if you’re keen to avoid an unexpected data tragedy, read on. In this article, we’ll cover the why and how of keeping your business secure.
Why is data privacy important?
Not only do data breaches cause significant financial loss, but they also trash an organization’s reputation, losing them existing and future customers in the process. But this has always been the case. So, why is data privacy important now more than ever? Well, there are two key reasons…
Because cybercrime is growing
As the internet grows and users spend more time online, cybercriminals ramp up their attempts to exploit these circumstances. According to a report by Juniper Research, the cost of cybercrime will reach over $2 trillion USD in 2019, which is four times higher than the same period four years prior.
To make matters worse, industry experts suggest that indirect costs such as reputational harm, loss of market share and insurance premium increases may account for 90% of the total business impact of cybercrime today. And, with more and more businesses managing nearly 100% of their operations online, a boom in software-based product models and a dramatic and ongoing trend in user data capture by all the big players, opportunities for cybercriminals abound.
Because tighter regulations follow
The ever-increasing threat of cybercrime has led authorities to react by ramping up legislation meant to protect consumers. Regulations like the Health Insurance Portability and Accountability Act (or HIPAA) and the EU’s recent General Data Protection Regulation (or GDPR) require businesses to improve their cybersecurity efforts. The penalty for not meeting these standards? Hefty fines.
If we add the cost of fines to the direct and indirect costs of falling victim to cybercrime, it’s clear that those businesses that think with their wallets would do best to invest in extensive data security measures.
Most common types of cybercrime
Now that you understand the reasons why data security is important, let’s take a look at the kind of attacks you need to look out for.
Ransomware
A ransomware attack involves a piece of malicious software that is designed to force the victim to pay a fine or ‘fee’ to restore access to files that are being held to ransom (hence the name). Generally, ransomware threatens to release private data online, destroy important files or prevent the user from accessing them.
The 2019 Official Annual Cybercrime Report by Herjavec Group suggests that a business falls victim to a ransomware attack every 14 seconds, a figure that they predict will worsen to every 11 by 2021.
Phishing
Phishing is a type of social engineering designed to trick the recipient into downloading malicious files or attachments or giving away sensitive data. Phishing attacks rely on human vulnerabilities, like a person’s inability to tell the difference between an email from their bank and a cloned email from a cybercriminal. They don’t require much technological sophistication but are increasingly capable of catching us off guard.
In Verizon’s 2019 Data Breach Investigations Report, 32% of respondents reported data breaches that involved phishing attacks. Phishing comes in several flavours like vishing, smishing and spear phishing, which all sound very catchy, excuse the pun (more on these and other phishing types here).
DDoS
This unassuming acronym stands for Distributed Denial of Service and describes an attempt to shut down a site by overwhelming its system with traffic requests. As anyone who has suffered a poor web host will know, when too many people access your site at once, it quickly runs into problems resulting in downtime.
According to TechHQ, website downtime due to DDoS attacks cost businesses in the US $10 billion last year. Fully nine out of ten businesses surveyed said they had been victims of a DDoS attack. Businesses that don’t block their IP address are particularly vulnerable and, unfortunately, many companies lack the technical knowledge to identify their security weaknesses.
What should your business do about it?
If you’re feeling inspired to give your business’s cybersecurity a boost, we’ve got your back. Here are some simple pointers for taking back control from the cybercriminals and protecting your assets long into the future:
- Build knowledge – to make a difference to your business’s security over the long term you’ll need to skill up on the causes of cybercrime. This means learning about the different types, the forms they take and the flaws they exploit to launch attacks.
- Create secure systems – once you know the main causes of cybercrime, you can set to work building a secure enterprise. It’s likely you’ll need to make changes to the software and hardware your business uses, as well as a raft of staff and business policies and processes.
- Form an automated breach response – if you try to respond on the fly to every security breach, you can wave goodbye to a considerable amount of money and time. A better approach is to create a breach response plan and put in place systems that automate it.
- Set a recovery plan – learn how to pick up the pieces after an attack in a way that rebuilds your reputation and, with it, your customers’ trust.
If this all sounds like far more than you have the time or energy to deal with, GeekTek offers data security and managed IT services that take it all off your hands. We secure your business, so you don’t have to worry every time an employee reports a dodgy pop-up or email that wasn’t quite right.