
The Security Risks You’re Probably Overlooking — and How to Fix Them

Updated on November 5th, 2021

In today’s world, most consumers are aware that enjoying the convenience of a digital lifestyle involves security risks: sharing some of their personal information — sometimes by allowing cookies and other tracking technology, and sometimes by filling out online forms.

With that awareness, though, comes the expectation that companies will keep their personal information private and secure. This has become even more important as missteps from major companies have shown just how easy it can be for personal data to become public.

Yahoo’s 2013 breach, which affected all of the company’s 3 billion accounts, might be one of the most notorious examples. But repeated breaches like these are hardly a thing of the past. Just last month, amid panic about the coronavirus pandemic, Marriott confirmed a data breach that affected 5.2 million guests. What’s worse, it was the hotel chain’s second (preventable) breach in three years.

Despite all this, many companies are still not properly incorporating security into their data management strategies. Even companies that believe they’re keeping customer data secure often overlook simple vulnerabilities that could become massive headaches if left unaddressed. If companies want to be serious about data security, it’s time they adjust their approach.

Adequate data security requires better data management defense

There are two main types of data management strategies: offensive and defensive. Offensive strategies are customer-centric activities, such as sales and marketing; their goals are satisfied customers and increased revenue.

Defensive data management, on the other hand, focuses on security and regulation compliance. The broad goals of a defensive management strategy are to protect consumer information and prevent fraud.

While defensive data management might not seem as glamorous — and its impact on the bottom line not always as straightforward — it’s equally essential to a company’s success. In 2017, for instance, the cost of fraud was a whopping $16.8 billion.

Every time someone’s identity is stolen or personal data is leaked and used for malicious reasons, companies generally have to bear the cost. That’s why it’s so important to look at defensive data management as an equal and intertwining branch of offensive data management. Without a solid defensive strategy, you’re taking huge risks that might negate even the best offensive strategy.

What happens when data security management isn’t up to snuff

Poor data security can cost more than just the money it takes to repair the initial damage from a breach. For one, it can do significant damage to your reputation: There’s the immediate loss of trust between company and consumer, of course, but there is also lingering damage to relationships with business partners who might think twice before dealing with a company that doesn’t always secure data.

There’s also the potential for damage to your brand if corporate communications are leaked. Sony offers a perfect example of how badly things can go when private emails suddenly become public. Reputations are ruined, and spilled trade secrets and juicy gossip dominate the news cycle.

Your reputation isn’t the only thing you need to worry about, by any means. Many hackers target proprietary information, such as designs and blueprints. These are the sort of leaks that can never be cleaned up satisfactorily. While not every rival will take advantage of your intellectual property, some have no scruples — and that can cause lasting damage.

Legal repercussions

On top of this heap of risks, you also must contend with the legal repercussions of a breach. A variety of regulations tie serious consequences to poor data security. HIPAA is perhaps the most strict, dictating security and privacy standards for the healthcare industry as well as hefty fines for violations. But that doesn’t mean other industries are in the clear.

In the United States, the Sarbanes-Oxley Act (better known as SOX) regulates accounting and financial reporting to ensure the integrity of financial data. And in the European Union, GDPR requires companies to follow seven principles:

  1. Lawfulness, fairness, and transparency.
  2. Purpose limitation.
  3. Data minimization.
  4. Storage limitation.
  5. Integrity and confidentiality.
  6. Accuracy.
  7. Accountability.

Companies that violate these principles could face a hefty price of up to 4% of their global revenue. Many companies might not realize they’re violating these regulations until it’s too late, which is why now is the time for companies to examine and strengthen their security strategies before disaster strikes.

Common security oversights and how to fix them

Reassessing your data strategy is always a good idea, even if you think it’s already up to snuff. Here is a brief overview of four of the most commonly overlooked security risks (and some tips for fixing them):

1. Lack of encryption

Many companies mistakenly assume the only purpose of data security is to protect information from unauthorized access. At best, they focus on building a fortress to protect their systems from hackers — but they leave the data itself unchanged. Even the best defenses have weak spots. What happens when the wrong people exploit those weaknesses? They gain access to a treasure trove.

The right kind of encryption, however, has the power to turn that treasure trove into fool’s gold in the hands of a hacker. If your data is secured with something like RSA encryption, then any information a bad actor manages to access is virtually indecipherable without access to the keys. By encrypting your data, you can turn a major breach into a minor incident and reassure those affected that their data is still safe.

When encrypting, it’s essential to not only protect the data you store on your servers but also to secure the information that’s being sent and received. Data transmission represents one of the most common weak points for businesses. In the Internet of Things, for instance, 91% of transactions are unencrypted. This may be a blind spot for companies, but it’s definitely not for hackers. Make sure you’re encrypting your data every step of the way.

2. Too much access

While your employees must have access to the information they need without jumping through too many hoops, many companies err on the side of convenience when it comes to authorization. At best, businesses are giving out way too many unnecessary user accounts. At worst, they’re not putting any limits or regulations on who has access to what information.

This might seem harmless — you trust your employees, after all — but it opens up your information to all sorts of risks. Human error is the leading cause of data breaches. The more people who have access to your data, the more likely you are to face a breach.

Cut down permissions to only those who absolutely need the information. Create role-based user accounts rather than relying on a one-size-fits-all approach. This strategy will ensure your employees can get the data they need without access to anything they don’t.

3. Zombie accounts

It’s not just access among current employees that you need to worry about; you should also be mindful of access among former employees. It doesn’t matter whether previous employees quit, retired, or were fired — there’s zero reason they should be able to enter your network or view any proprietary data once they are no longer part of your company.

Former employees’ accounts must be deleted, and you should enact a policy that immediately revokes access when an individual leaves the company. Make sure you have multifactor authentication set up to ensure employees need more than just a password to log in. That way, you can ensure former employees aren’t able to gain access through a colleague’s password.
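As an added illustration of the checks behind points 2 and 3 (this is not code from the original post or from JotForm), the following Python script reviews a directory export against the HR roster and a hypothetical role model, flagging accounts of departed staff, permissions beyond what the owner’s role needs, missing MFA, and long-unused logins. The role names, permission strings and sample accounts are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical role model: the permissions each role legitimately needs.
ROLE_PERMISSIONS = {
    "support": {"customer:read"},
    "billing": {"customer:read", "invoice:read", "invoice:write"},
    "admin": {"customer:read", "customer:write", "invoice:read",
              "invoice:write", "user:admin"},
}

@dataclass
class Account:
    username: str
    role: str
    permissions: set
    mfa_enabled: bool
    last_login: date

def review_accounts(accounts, active_staff, today, stale_days=90):
    """Return {username: [issue, ...]} for accounts that need attention."""
    findings = {}
    for acct in accounts:
        issues = []
        if acct.username not in active_staff:
            issues.append("zombie: owner no longer on the HR roster")
        extra = acct.permissions - ROLE_PERMISSIONS.get(acct.role, set())
        if extra:
            issues.append("excess permissions: " + ", ".join(sorted(extra)))
        if not acct.mfa_enabled:
            issues.append("mfa disabled")
        if (today - acct.last_login).days > stale_days:
            issues.append(f"stale: no login in {stale_days} days")
        if issues:
            findings[acct.username] = issues
    return findings

# Constructed sample data: a directory export and the HR roster of current staff.
SAMPLE_ACCOUNTS = [
    Account("alice", "support", {"customer:read"}, True, date(2021, 11, 1)),
    Account("bob", "billing", {"customer:read", "invoice:read",
                               "invoice:write", "user:admin"}, True, date(2021, 10, 20)),
    Account("carol", "admin", ROLE_PERMISSIONS["admin"], False, date(2021, 11, 4)),
    Account("dave", "support", {"customer:read"}, False, date(2021, 6, 1)),
]
ACTIVE_STAFF = {"alice", "bob", "carol"}   # dave has left; his account remains
TODAY = date(2021, 11, 5)
```

Calling `review_accounts(SAMPLE_ACCOUNTS, ACTIVE_STAFF, TODAY)` flags bob’s extra `user:admin` permission, carol’s missing MFA, and dave’s account as a zombie that is also stale and lacks MFA; alice comes back clean.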

4. Poor security SOP

Setting up standard operating procedures (SOP) for security should be considered an essential part of a company’s code of conduct. Not only should you draw up a plan for best practices, but you should also make sure your employees know how to implement every one of them. Provide training and perform regular check-ins to make sure that everyone is safeguarding sensitive data. After all, it only takes one employee to create a breach.

Security best practices shouldn’t stop with your employees, either. Regularly assess and adjust your policies regarding data collection, handling, and disposal. While it may seem like a good practice to gather as much customer data as possible, that just saddles you with more liability should things go wrong.

When looking at your form builder, for instance, ask yourself what information your application forms and feedback forms absolutely require. Rewrite the rules as much as necessary to keep everything safe. Just make sure everyone knows and understands those new rules.

To ensure that both company and customer data is secure, it’s imperative to integrate security management into your overall data management strategy. By following best practices, reassessing the information you collect regularly, and making sure employees maintain good data hygiene, you can ensure your data remains safe — and your customers remain happy.

Ertuğrul Emre Ertekin

Ertuğrul Emre Ertekin is CTO of JotForm, the easiest online form builder. He is a passionate engineer and seasoned problem solver.
