The Importance of Data Security
Data security is crucial for businesses. Understanding the risks facing data and the importance of data security will earn businesses the trust of their users and clients, and will also protect them from hefty fines imposed in the event of data incidents.
What is data security?
In essence, data security means protecting sensitive data from breaches, theft or any other malicious activity by unauthorised users. Sensitive data is not only corporate information — such as financial or legal — but also data about users, partners and clients. Data security is therefore also important in safeguarding online privacy for various stakeholders.
Why is data security important?
Big companies often have access to sensitive data for millions of people, and a data breach makes them all potential victims of identity theft. Client information, health data, financial details and proprietary information — all of this data can be hard to replace and potentially dangerous if it falls into the wrong hands. Cyber security firm Symantec estimates that in 2015, 500 million identities were exposed — with an estimated world population of 7.4 billion, this translates to 7% of the world population being exposed to hackers. Even more alarming, this number could be higher, as many companies are choosing not to reveal the full extent of their data breaches.
When a major company experiences a data breach, it’s all over the news. Data security is also important to protect businesses from loss of credibility and business opportunity. In the wake of the cyberattack on TalkTalk in October 2015, the company reported that it had lost over 100,000 customers and over £60 million. The large-scale attack against the Internet Service Provider resulted in a breach of 150,000 customer details.
Key threats to data security
Hacking and data breaches are not the only threats affecting data, and SMBs and startups are prone to them as well. Ransomware is becoming a more commonplace type of attack. According to Kaspersky — a leading antivirus and cyber security developer — “ransomware is a type of malware that severely restricts access to a computer, device or file until a ransom is paid by the user. This class of malware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website.” Why hack data? Motivations behind cyber attacks include cyber crime, hacktivism, cyber espionage and cyber warfare.
Besides threats from the technical realm, data security can also be compromised from within; for example, through employee errors where data is lost by accidentally deleting or overwriting files. A 2015 Information Security Breaches Report, conducted by the UK government and PwC, found that 75% of data breaches happen due to staff error. A report by SailPoint found that disgruntled employees would sell their corporate credentials and passwords for as little as $150. Moreover, “20% of employees routinely share login information for corporate applications with other members of their team, which increases the potential that the passwords they sell might not even be their own”.
Laws and Standards
In the UK, the Data Protection Act is used to ensure that personal data is accessible to those whom it concerns, and provides redress to individuals if there are inaccuracies. Since May 2016, a new data protection regime — called the General Data Protection Regulation (GDPR) — obliges companies to report any incidents within 24 hours and punishes data breaches with fines of 4% of a company’s annual turnover. The Netherlands has stricter data breach notification laws, which came into effect on January 1st 2016 and have seen more than 1500 companies and startups come forward with their reports.
When it comes to fines and penalties, it is the size of the data that matters, not the size of the company.
Tips on securing data
- Thorough data security begins with an overall strategy and risk assessment. It will help identify human error such as the mistaken processing of information, unintended disposal of data or input errors.
- Instilling a privacy-conscious ethic in the organisation is another way to address and prevent future data incidents. New employees should go through a data security induction and existing ones through systematic refreshers.
- Lastly, maintaining proper device hygiene and antivirus software / secure software across the organisation is a sure way to fill any gaps and address data security.