Security breaches are not uncommon, although the media tends to report only high-profile ones such as the recent attack on Spotify – a music streaming website that boasts over a million registered users in western Europe – whose user registration details, including passwords, dates of birth and addresses, were compromised in a major hack.
To make matters worse, this violation only came to light some days ago after the organization was tipped off by a third party, although its system may have been hacked several months before December 19, 2008. Although Spotify has apologized and promised the incident would not repeat itself, the consequences could be dire.
Most security breaches occur via an organization’s external Internet connection rather than from within its internal systems, and usually come in the form of virus attacks, laptop theft or loss, and interception of unencrypted sensitive data. Because more data is being shared nowadays, information has become increasingly mobile, resulting in more breaches; one example is the frightening rise in reports of lost or stolen laptops and removable devices.
When breaches occur, they affect businesses as well as the individuals whose information has been lost; however, the focus of this article will be on the organizations. The first and most important cost of a security breach is the loss of a hard-earned reputation that may have been built over the years. Customers, and sometimes employees, begin to doubt the company's ability to protect their data, which could result in their departure from the organization.
There are also the financial costs of investigating the breach, contacting affected customers and responding to their concerns, damage control, replacing the lost device, and compliance fines from the appropriate regulatory body. The situation could further deteriorate into lawsuits and settlements, loss of market value, and a decrease in productivity caused by the diversion of resources to tasks such as credit monitoring for customers whose records have been violated. Indeed, some organizations never recover from security breaches, hence the need for prevention, which may be expensive but is beneficial in the long run.
The following measures can be put in place to minimize the risk of security breaches:
- Data encryption: critical data should be encrypted, particularly on devices vulnerable to loss or theft, in order to prevent unauthorized access even if the device falls into the wrong hands.
- Firewalls and anti-virus: filter all content before download.
- Strict policies: strict security policies should be implemented for all stakeholders including sub-contractors and outsourcers.
- Funding: more money should be invested in training and awareness programs for staff, and up-to-date security technologies should be implemented.