More than four-in-five large UK businesses experienced a data breach in 2013, with the worst of the typical 16 breaches costing £600,000 to £1.5 million. Three-in-five small UK organisations had similar security issues last year, with the median number of breaches at six and the average worst case a £65,000 to £115,000 expense.
These statistics are from the Department for Business Innovation & Skills 2014 Information Security Breaches Survey, which reveals the huge extent to which data breaches threaten businesses. Investing time and money to enhance security is crucial to protecting your finances, employees and competitive edge.
Use the guide below to ensure your business is being smart about data security and preventing ID Fraud.
Data breach insurance
Most small businesses can’t afford six annual data breaches costing up to £115,000 each, so insurance is one of the most critical tools in your arsenal. Third-party cover is a necessity for some organisations, as it ensures employees, customers or clients are compensated should an attack affect them.
You might also want to consider a comprehensive policy that pays out for other losses in the event of a digital attack, to ensure viruses and hackers can’t bankrupt your business.
Training staff in data security
Staff are unlikely to recognise the impact that data security negligence could have on your business, so it’s important this is clearly communicated. Of course, employees must also be trained in how to protect the organisation from breaches, as best practice doesn’t come naturally.
One of the most important yet simple measures is ensuring everyone understands the importance of password security. Upper and lowercase letters, numbers, and special characters should be used to create unique, unguessable 12-character-plus combinations for every login.
You must also train staff in best practice concerning internet and email usage: many will not know the potential consequences of opening suspicious attachments or downloading unapproved files. Of course, you can take some control over these threats by installing top-of-the-range security software and keeping it up to date.
External devices and access cannot be monitored as easily, so it’s important to set out guidelines for staff. BYOD (bring your own device) users need a strict policy that helps protect business data in the event personal smartphones, tablets or laptops are lost, stolen or attacked. Cloud computing systems must be cleared for remote access, and only secure flash drives or approved online systems should be used to transfer data.
Keeping confidential paperwork secure
It’s not just cyber threats you need to be wary of. In the wrong hands, confidential paperwork such as contracts can be hugely detrimental to your business’s finances and reputation. It’s important that these are stored securely, preferably in a locked filing cabinet in a restricted-access area.
All confidential waste must be disposed of securely. Use a cross-cut shredder, or for large volumes have a specialist company take charge of disposal. Again, train all staff to ensure they follow security protocol – even one misplaced document puts your business at risk.
These are just a few easy-to-implement measures that could prevent your business from experiencing data breaches. Feel free to share more tips for companies looking to improve security standards below.
Visit our Security Awareness page for more information and a full range of products to combat ID Fraud.