Top 5 Data Security Errors Companies Make

With the rise of information technology, the world of commerce is becoming increasingly interconnected and reliant on an integrated network structure to meet its storage needs. This dependency greatly increases the need for proper IT security to safeguard company information from various cyber security concerns. A single data breach on average can cost a company $3.5 million[1], not exactly pocket change. In today’s world one of the greatest challenges most companies face is implementing a list of controls to ensure company data is safe from accidental deletion, or from cyber theft.

While companies spend millions to implement protective measures, there are still some common data security mistakes most companies make. Here are the top 5 biggest:

1. Simple passwords

This may sound like an error more attuned with everyday people, instead of multimillion dollar companies, but the fact of the matter is that most small and even big companies generally use simple passwords, often in the name of ease of use. Passwords that may seem suitably strong for some companies, are relatively easy for cybercriminals to hack, with the use of their sophisticated software that can crunch through passwords with ease[2]. Words like “admin” or “user” isn’t exactly the best tool to escape cybercriminals. In fact, some of the most popular passwords are also the simplest[3].

2. BYOD

There is a growing trend of companies allowing employees to bring their own devices to the workplace (BYOD)[4].  While this allows employees to use their favourite smartphones, this also opens up various security issues.  IT departments have less control in standardizing the security in these devices, as they are not built from the ground up to match the company’s security specifications. For example, many smartphones feature connectivity features like Bluetooth, and LTE, which can expose the device to many external threats.  In the case of Android, malware is a common security problem.[5] Personal devices are significantly easier to breach and can allow intruders to access company emails, as well as important confidential documents.

3. No Backups

This is mainly an issue for small businesses, who do not possess the servers and IT infrastructure of their bigger business counterparts to have reliable backup procedures. Their valuable data is at risk to their hard drives malfunctioning, being accidently deleted, or due to unnatural events such as a fire. Depending on the nature of the business (especially healthcare), the costs of losing just  1 MB of data loss is huge, at around $10,000.[6] This can be attested to the cost of trying to recover the data, the cost the business faces if it cannot retrieve it, as well as the opportunity cost of the time needed to recover it. While this sounds terrible, what is worse is the loss of reputation, and customer loyalty if they find out that the company lost important data, and it’s hard to put a price on that.

4. Employee Negligence

Many companies go through great lengths in showing an appreciation for their employees, as they believe a company is only as good as the strength of their workforce. Ironically, a major way for a company to be compromised is through mishaps from their own employees. From accidently downloading a virus through an attachment[7], to exposing your computer to malware, to accidently leaving your work laptop open, the possibilities for data breaching through negligence is vast. Even having an employee accidently reveal his password to a friend can potentially be a security threat. These security threats are especially apparent in today’s work environment, with many employees working from home, away from helpful supervision which could help minimize risks.

5. Improper Data Destruction

Finally, arguably the biggest error companies make is leaving valuable data for prying eyes to collect. Throwing company documents in the garbage, or putting away your hard drive is not enough, many people resort to garbage searching just to seize this valuable information. A secure shredding method is essential for paper disposal, as this minimizes risk of information theft. Erasing one’s hard drive is not a foolproof plan, as with the right software the data can be recollected. Only a properly destroyed hard drive can ensure peace of mind from any data collection from a third party, especially from someone who is experienced in data retrieval.

Article by: Arjun Srivas