Data breaches are common in today’s technology-obsessed world. Many of us use our computers and phones daily and regularly hand over personal information without a second thought. Being hacked is not only a nightmare for individuals but for companies, too. The cost of data breaches to a business is high and it grows every year. The damage that can be done to a company’s or organization’s reputation is immeasurable. A solid, dedicated, and continual amount of resources are necessary to prevent exposure of sensitive information, so any damage control costs and the dramatic nosedive in public trust can be avoided in the first place.
As reported by Forbes, in 2018, the highest average cost of a data breach belongs to the US at $7.91 million, with Canada in regrettable second place at $4.74 million. Globally, the average sits at around$3.86 million. The cost is reported by IT and data security professionals from close to 500 companies. The price tag rises with the number of individual records that are accessed, and for larger companies, this can be in the millions. Also impacting the total cost is how quickly the situation can be rectified. These are obviously huge numbers that need to be avoided.
The general public tends to hear about the biggest breaches with the highest numbers that affect the population the most, such as when banks or the government – like the Canada Revenue Agency – is hit. But hacks and non-digital theft happens to companies of all sizes. Small businesses often don’t have adequate security measures in place because owners feel they don’t have the budget to employ a dedicated IT and network security department or even a single individual. Criminals know this and will select smaller targets. They may not be as costly as mega-breaches, but the damage can be irreparable.
The easiest and most cost-effective part of a business’s security strategy should be regularly shredding files containing customer and employee information, as well as destroying old storage drives, disks, and other out-of-date electronics that are sitting around the office or the back room. Experts like AAA NAID-Certified Absolute Destruction & Recycling will visit businesses with their mobile shredding trucks on-site and destroy all sensitive materials using secure techniques, audited, and trained staff, and then recycle all the leftover materials. They help businesses comply with PIPEDA and provincial digital security laws, as well as individuals and residential clients.
Other safeguards include hiring digital security experts to properly encrypt data and set up strong protections against hacking. It’s wise to regularly perform a security audit by a third party who can check both online security as well as in-house operations. Are there old electronic devices sitting in the backroom that anyone could steal? Do employees follow proper procedures? Are the passwords for various software, including accounting, lying in plain view on office desks?
It’s important to only collect necessary information from customers. It’s tempting to collect as much information from people and fill in as many fields that your standard forms ask for, but is it necessary? And will it be worth it if hundreds or thousands of these records are at risk of exposure, including yours and your employees?
Data breaches have too high a cost to not take seriously. Invest the proper resources in your company’s security strategy immediately.