Hardly a week goes by without another chilling story about a data security breach. Consider the case of Alere Home Monitoring, a health organization that compromised the personal information of 100,000+ patients when a laptop was stolen from an employee’s vehicle. Information on the laptop contained the unencrypted names, Social Security numbers, addresses, and diagnoses of Alere patients.[1] Or, take the state of California where data breaches affected over 2.5 million residents in 2012.[2] Unfortunately, these breaches—and others—lead to a host of problems. They open the door to identity theft, class action lawsuits, and expensive resolutions.
With the average cost of a compromised record in the Unites States running at $159 per record, it’s easy to see how negligence or poor data security standards can create costly mistakes.[3] Interestingly enough, most breaches (35%) are caused by the loss of employees’ laptops or other mobile devices.[4] System glitches, as well, are another leading cause of data security crises, comprising 29% of breaches.[5]
What can you do to better protect your sensitive data? Be proactive. Consider that taking action before a breach is critical for your organization, regardless of size. So, a few tips to keep in mind:
Develop A Strategy – Don’t leave things to chance. Evaluate your organization’s strategy for protecting data. Do employees often take laptops home? How secure is confidential information?
Encrypt – All confidential information should be encrypted and passwords should be difficult-to-guess. Encryption coupled with good password standards will prevent hackers from being able to access your most sensitive data.
Communicate with Employees – Make sure that all employees are on the same page about data security. Let them know the risks of emailing confidential information, leaving laptops in vehicles overnight, etc. Encourage employees to inform their superiors immediately if they believe data has been compromised.
Consider Remote Wiping – There are tools that can render a lost or stolen laptop useless. If all else fails, this might be something your company wants to consider.
In short, you want to clearly have a data loss plan in place rather than wait for disaster to strike. Over the long run, it can save your organization time, money, and a PR nightmare.