DATA SECURITY BREACHES IN THE CORPORATE SECTOR

If you’re a business owner, then one of your first priorities is likely how you can keep your organization’s data security tight and protected from breaches. In a world of data breaches and ever-increasing threats to cybersecurity, your business’ data security is more reliant on your vigilance than ever before. When you lose sight of how important your cybersecurity is to the success of your business, you expose your organization to countless data breaches.

study conducted by researchers at Appalachian State University (ASU) highlights exactly how dangerous negligence of data security can be for a growing organization. They found that not only did used hard drives and solid state drives often hold residual information, but the information left on these devices often contained sensitive data. The scope and significance of these findings become apparent when the numbers are analyzed and placed into the context of the business world.

The Quick Numbers

In the aforementioned research, they studied 55 hard drives to determine what percentage of their devices would contain residual information that could be used to identify the previous user. Their numbers were shocking, and the severity of these data security nightmares can be summarized into three key findings.

  1. By studying just 55 used hard drives, they found 30,000 files that contained private information of the previous owner.
  2. The researchers noted that it is inexpensive to properly wipe a hard drive of private data, but this step is often skipped in a misguided effort to save time, and thus leaves the former owner vulnerable to a data security breach.
  3. They found that the majority of individuals and businesses fail to employ proper data destruction practices. Instead, information is simply moved to the “Recycle Bin” or removed via the “delete” button, neither of which actually removes the data from the hard drive.

These numbers require little context to be appalling, but by looking into the world of business, it becomes clear how universal, and avoidable, these security lapses can be.

Contextualizing the Data

With findings like these, it may come as no surprise that businesses suffer data security breaches with horrifying frequency. On any given day, anything from an errant email to an improperly decommissioned device can destroy any semblance of reliable data security for a business. What is more surprising, however, is that small to medium sized businesses are the ones which most often experience these dangers.

According to research conducted by cyber security expert Timothy Francis, small and mid-sized businesses experience 62 percent of data security breaches. While intuitively you might expect large businesses to experience the brunt of cyber-attacks due to their reputation and significant resources, Francis explains why this is not the case: A larger organization may indeed experience more attacks than a small business, but larger businesses invest significant resources into thwarting these potential security disasters. Small businesses, on the other hand, tend to ignore these dangers and thus find themselves losing crucial data substantially more often.

If small and mid-sized businesses are the ones which experience the most data security breaches, then this raises the issue of exactly how likely any such business is to experience a cyber-attack. Based on Francis’ findings, Mark Greisger, the President of NetDiligence, projected that there are 34,529 data security incidents per day. These numbers are certainly chilling, but how do they relate the findings at ASU and, most importantly, what do they mean for business owners?

The findings of these two studies indicate that smaller businesses tend to neglect their cyber security and, as a result, experience data breaches significantly more often than larger businesses which protect themselves. These numbers may seem disheartening for business owners, but there is no reason for your organization, regardless of size, to suffer a data security breach. By taking the proper measures and ensuring your compliance with industry standards of data security, you can keep your business protected from potential cyber security threats as effectively as any large corporation.

Where and How to Improve Your Data Security

Just as there are no shortages of hazards to data security, there are equally numerous ways in which to protect your organization. Each of the following steps will protect your business through various security vectors, but each is essential to building a comprehensive cyber security suite to defend your organization from data breaches.

  • Train Employees. There is no way to adequately explain how dangerous an untrained employee can be to the state of your cyber security. Some of the largest threats to cyber security are mishandled data and vulnerability to phishing schemes, both of which can be eliminated by properly training the people who handle your organization’s private information. The extra training should only present a nominal fee and, with regular training, will protect your organization’s private information for years to come.
  • Encrypt Everything. Comprehensive encryption is essential as soon as your organization starts storing customer information such as names, financial information, etc. Any type of data breach can be devastating to a growing business, but theft of customer information is perhaps the most damaging. Loss of customer data can lead to years of bad publicity for your business and, in the worst case, can result in financially draining lawsuits.
  • Create Backups. While cyber security can do incredible things to protect your organization, it is always wise to prepare for the worst-case scenario. For this reason, creating backups of any and all important information is essential and will save you hours of headaches and frustration if you ever require a system reboot.

Each of these steps is essential to protecting against data security breaches, but they do not address one of the most crucial and overlooked aspects of data security: data destruction.

Business Standards of Data Destruction

In both the study conducted by ASU and the Francis’ research, the number of data security hazards could have been starkly decreased by meeting corporate standards of data destruction. Part of the reason that businesses fail to meet these standards is an adherence to outdated security protocols, namely those put forth by the DoD (Department of Defense). Instead, the new data erasure protocols are put forth by the NIST (National Institute of Standards and Technology).

Specific NIST standards for businesses and data destruction can be found here, but the short version is that all sensitive information must be completely removed from hardware before it is resold or disposed of. This protects businesses as well as their customers from thieves who would recover private information from the discarded hardware. Data erasure goes beyond being a security issue, however, as it has also become an issue of reputation and quality control which customers use to determine who they will do business with.

If an organization fails to maintain NIST standards in regards to data destruction, they may quickly find themselves passed over by clients and customers who prefer to operate with the assurance that their privacy is being respected and protected. Tech-savvy clientele are becoming increasingly informed about the move from DoD standards to those set forth by the NIST, which is why data destruction has moved from being solely a concern for data security, but also a notable factor in determining an organization’s reputation and profits.

What does this information mean? In short, it is more imperative than ever that your organization employs the services of a reliable data wipe which either meets or exceeds NIST standards. While there is certainly a plethora of data wipes on the current market, few can match the performance of Clarabyte’s data wiping solution.

This data wipe, known as ClaraWipe, meets and exceeds all national and international regulatory standards, and the NIST is one of many such benchmarks that ClaraWipe adheres to. While other data wipes may leave information on the hardware, as observed in the Appalachian State University study, ClaraWipe has been found to erase every trace of private information from countless data storage devices. There are few things in data security more important than data erasure, of course, which is why you should never rush into a decision lightly. When considering your options for data wipes, schedule a demo of ClaraWipe and see why it is internationally renowned as a reliable solution.

The Big Picture

Regardless of what data wipe solution you employ, it is essential that you consider the findings of ASU researchers and Francis when evaluating your data security options. There is no way to fly under the radar of cyber-attacks, as even the smallest businesses suffer them, which means that you must invest in your data security if you wish to avoid compromising breaches. The days of nominal cyber security threats are gone and will not be seen again. In the modern world, it is in your best interest of your business to prepare yourself for data security breaches by creating a wide-ranging cyber security plan to both protect your organization’s information as well as to remain competitive in the global market.

References

“DoD Media Sanitization | Standards & Guidelines.” DestructData, Inc.  Web. 21 Jan. 2017.

“How to Securely Decommission Hardware.” Clarabyte. 16 Jan. 2017. Web. 21 Jan. 2017.

Kissel, Richard L., Matthew A. Scholl, Steven Skolochenko, and Xiang Li. “Guidelines for Media Sanitization.” NIST. 19 Oct. 2016. Web. 21 Jan. 2017.

Medlin, B. Dawn, Joseph A. Cazier, and Robert M. Weaver. “Consumer’s PCs: A Study of Hard Drive Forensics, Data Recovery, and Exploitation.” Journal of Information Privacy and Security 4.3 (2008): 3-15. Web.

“Small, mid-sized businesses hit by 62% of all cyber attacks.” PropertyCasualty360. Web. 21 Jan. 2017.

Schedule A Demo