I don’t know about you, but I’m tired of data breaches. I’m tired of changing my passwords, canceling my credit cards, and worrying about what information is actually private.
And it’s no wonder. In 2014 alone, there have been 696 reported data breaches — a 26.1 percent increase over the past year — including major retailers like Target, Neiman Marcus, and The Home Depot. It seems like everyone is under attack from nefarious forces looking to profit from private data.
But rather than causing people to sit up and take notice, research suggests that consumers, faced with an overwhelming number of data breaches, are beginning to succumb to data breach fatigue and give up on security altogether.
But it’s not just consumers who are suffering from this fatigue — many businesses are, too. And while complacency from an individual might lead to identity theft or credit card fraud on a small scale, the same behavior from a corporation can lead to disaster for both employees and customers.
It might seem nearly impossible to secure your business, but the truth is that it’s not all that difficult. Implementing a few simple strategies can go a long way to save your data, your business, and yourself from data fraud and breach fatigue.
Stop Breach Fatigue by Stopping Breaches
While you can’t necessarily keep yourself safe from every possible threat under the sun, you can take steps to prevent the most common types of security breaches from happening to you. Here are five steps that I recommend:
1. Implement two-factor authentication. Rather than relying on a password as the only line of defense, two-factor authentication requires you to verify your identity with something like a smartphone or a special USB token. What this means is that even if your employees have recycled their passwords or have made them easy to guess, simply knowing them won’t give unauthorized individuals access to secure accounts.
Dropbox is one company that could have benefited from this feature. When news of Dropbox being hacked began to spread throughout the media, the company was quick to respond, emphatically claiming that a third-party service had been hacked.
What actually happened was that hackers had been attempting to take the passwords stolen from that third-party service and use them to gain access to Dropbox accounts, knowing that users often recycle passwords. If these login attempts hadn’t been caught, Dropbox users might have found their private data being shared on the public web.
2. Train your employees. You may have the best security setup in the world, but if your employees aren’t following best practices, you’re still vulnerable. This doesn’t just stop at work, either. Employees increasingly bring their work home with them — both in the form of data and in security practices. If your workers are using the same password for Dropbox as they are for your intranet, you’re leaving yourself wide open for an easy attack.
Teach your employees good security hygiene and inform them of cybercriminal tactics so they can spot when something is amiss. By helping your employees diminish their personal risk, you’re also alleviating your business’s risk.
3. Track and manage all logins. Good security isn’t just about implementing best practices; it’s also about being able to react quickly to suspicious activity. If Dropbox hadn’t had measures in place to monitor suspicious login attempts and reset passwords, its story could have been a much more disastrous one.
For an enterprise, the best way to manage employee logins is by implementing an identity access management solution that allows you to control and secure online identities from a central location. This way, you can monitor who’s logging in and from where, allowing you to react to any suspicious activity before it becomes a problem.
4. Don’t shy away from BYOIT. Employees want to bring in their own devices to work, and businesses want to cut costs. While BYOD is great for convenience and cost, it can lead to a lot of weak points in the security chain. Rather than ignoring the problem — or trying to make all your employees use BlackBerry phones — embrace this new culture and implement security practices to match.
Business services should only be accessible through a login that requires two-factor authentication, and IT should mandate that business devices have a lock code to prevent unauthorized access. By facing the potential security flaws of BYOIT head on, you can keep employees happy and your business secure.
5. Vet your partners. Lastly, it’s important to remember that your company rarely works in a vacuum. Make sure your business partners and cloud vendors meet your standards, not just theirs. Security is only as good as its weakest point, and sometimes that point lies outside of your control. Make sure your partners’ security measures are up to snuff before doing business with them. This extra step will not only keep you safe, but it will also help others improve their security.
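To make step 3 concrete, here is an added example (not from the original article or from any product it mentions) of the kind of check a login monitor runs to catch reused-password attempts like the ones described in the Dropbox case. The log format, the sample events, and the two thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "ISO-timestamp source-ip username result"
SAMPLE_LOG = """\
2014-10-13T09:00:01 203.0.113.7 alice FAIL
2014-10-13T09:00:03 203.0.113.7 bob FAIL
2014-10-13T09:00:05 203.0.113.7 carol FAIL
2014-10-13T09:00:08 203.0.113.7 dave OK
2014-10-13T09:00:11 203.0.113.7 erin FAIL
2014-10-13T09:02:00 198.51.100.20 alice FAIL
2014-10-13T09:02:30 198.51.100.20 alice OK
2014-10-13T11:30:00 203.0.113.7 frank FAIL
"""

WINDOW = timedelta(minutes=10)   # assumed thresholds, tune per environment
MIN_DISTINCT_USERS = 4

def parse(log):
    """Yield (timestamp, ip, username, result) for each non-empty line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def review_logins(log):
    """Return (suspicious_ips, accounts_to_reset).

    An IP is suspicious when it tries MIN_DISTINCT_USERS or more different
    usernames within WINDOW; a user mistyping a password touches only one.
    Any account that IP logged in to successfully is queued for a reset."""
    by_ip = defaultdict(list)
    for event in sorted(parse(log)):
        by_ip[event[1]].append(event)
    suspicious, to_reset = set(), set()
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            if len({user for _, _, user, _ in window}) >= MIN_DISTINCT_USERS:
                suspicious.add(ip)
                to_reset |= {u for _, _, u, r in window if r == "OK"}
    return suspicious, to_reset
```

On the sample events, the address that cycles through five usernames in ten seconds is flagged and the one account it got into is queued for a password reset, while the employee who mistyped a password once is left alone.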
It can be easy to succumb to data breach fatigue, especially when it seems like every other company is getting hit with vicious attacks. But good security isn’t some holy grail that can never be found; it’s something every company can achieve with just a little effort. If you put in the work and implement the right practices, you’ll find that being secure is actually much easier than surrendering.
Tom Smith is the VP of business development and strategy for CloudEntr by Gemalto, where he is helping to define and execute Gemalto’s identity and access initiatives in the cloud. Tom has over 30 years of experience with security, mobile, and cloud technologies, including founding executive roles at four technology companies. Read more on how to combat breach fatigue and keep your company safe on the CloudEntr Cloud Security Blog.