Last year the Ponemon Institute published research analysing the cost of information security breaches – the result of a business being hacked, attacked by ransomware, or simply exposing data through incompetence. The average figure for a data breach was found to be over $4m – that’s right, four million dollars. Some other estimates suggest an average of over $7m. Each customer record that you lose or expose costs around $158 to clean up, according to this research.
That’s serious money and therefore this is clearly now a major issue. For small businesses a multi-million dollar clean-up operation could close the business. For larger businesses the expense may in fact be far higher than this average. Information security is now essential in an environment where ransomware and hacking attacks by criminals (and even state actors) are becoming more common.
But there are still several myths around information security that cause executives to invest poorly in protecting their business. It’s an issue that affects everyone in the business and needs to be treated just as seriously as the physical security of your office premises. These are the most common issues and mistakes companies make:
1. Not dealing with human error; human error causes 33% of data breaches, and 36% happen simply because people don’t understand the need for information security. Everyone in the company needs to understand information security, why it matters, and what protocols must be followed. This is not just an IT problem.
2. Ignorance; ignoring your legal obligation to comply with regulations on the way that data is used will lead to major fines, in addition to the business you may lose as a result of the data breach.
3. Trusting brands online; an email with a link may feature the logo of a trusted brand, but if you did not expect to receive contact from this brand, don’t click the link. Criminals are using highly sophisticated phishing techniques to install their software, and just one infected computer can give access to your network.
4. Personal devices; allowing employees to use personal devices to access work email or work systems can promote efficiency, but even password-protected phones can be hacked. If a phone that was being used to access office systems is lost or stolen, then unless the device was encrypted you now have a criminal with access to your network.
5. Papers; paper is old-fashioned, right? But most offices are still filled with desks covered in printed reports and spreadsheets. Detailed information is left in the open, giving any contractor with access to your office access to all that information. Even your paper recycling bin can be raided, so you should really have a clean-desk and shred-all-trash policy in place – even better, discourage the printing of any documents in the office.
These sound simple, but many organisations still don’t appreciate the need for information security enough to train every staff member. Data breaches can be extremely expensive, so it pays to think about your systems, your people, and your processes. Where is your business vulnerable to attack?