How to Avoid a Data Breach

“In the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber-attacks. However, there is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives to pay greater attention to the security practices of their organizations.”

Data breaches have become a growing concern for many executives, whether the breach is due to a hacker, to the wrong people handling the information, or just a loss of documentation. This concern is for good reason: the chances of a data breach and the cost of a data breach have increased year over year.

  • According to research, the average total cost of a data breach for companies has increased 23% over the past two years to $3.79 million.

The cost of a data breach is not an easy thing to estimate. It takes a business an average of 256 days to identify a malicious attack, while data breaches caused by human error take an average of 158 days to identify. After finding the breach there are all kinds of fees, which vary with the breach and the time that has passed before detection.

There are three different categories to understand when trying to estimate the total cost of a data breach. We categorize the costs as direct, indirect and opportunity as defined below:

  • Direct cost – the direct expense to accomplish a given activity.
  • Indirect cost – the amount of time, effort and other organizational resources spent.
  • Opportunity cost – the cost resulting from lost business opportunities as a consequence of negative reputation effects after the breach has been reported to victims (and publicly revealed to the media). This includes:
    • Turnover of existing customers: The estimated number of customers who will most likely terminate their relationship as a result of the breach incident. The incremental loss is abnormal turnover attributable to the breach incident.
    • Diminished customer acquisition: The estimated number of target customers who will not have a relationship with the organization as a consequence of the breach.

The three major reasons contributing to a higher cost of data breach in 2015:

  • Cyber-attacks have increased in frequency and in the cost to correct the consequences.
  • Data breach costs associated with detection and escalation have increased.
  • The consequences of lost business are having a greater impact on the cost of data breach.
    • Lost business has potentially the most severe financial consequences for an organization.
    • The cost increased from a total average cost of $1.33 million last year to $1.57 million in 2015.
    • This cost component includes the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill.
    • The growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach has contributed to the increase in lost business.
    • A recent study shows that 85% of a store’s customers will refuse to shop at a company after a data breach, confirming that clients do penalize businesses more than a government regulator could ever do.

As mentioned, in order to face these extraordinary costs, it is first necessary to discover the breach. After a breach some steps need to be taken to reveal just how big the breach is. Activities for discovery and the immediate response to the data breach include the following:

  • Conducting investigations and forensics to determine the root cause of the data breach
  • Determining the amount and probable victims of the data breach
  • Organizing the incident response team and strategy
  • Conducting communication and public relations outreach
  • Preparing notice documents and other required disclosures to data breach victims and regulators
  • Implementing call center procedures and specialized training

The following are typical activities conducted in the aftermath of discovering the data breach:

  • Audit and consulting services
  • Legal services for defense
  • Legal services for compliance
  • Free or discounted services to victims of the breach
  • Identity protection services
  • Lost customer business based on calculating customer churn or turnover
  • Customer acquisition and loyalty program costs

How to Prevent a Data Breach

“High-profile data breaches are a wake-up call to enterprises everywhere. However, they pose the question: Why did IT fail to stop the data breach? The answer is that it’s an enterprise-wide issue, not just a technology problem.”

When people hear “data breach” they often visualize computers, hackers, and online threats. However, a data breach can happen in many shapes, sizes, and forms.

This pie chart shows the distribution of the main causes of data breaches:

[Pie chart: types of data breaches]

One of the largest causes of a data breach is lost, stolen, or improperly disposed of documents. Our goal is to give you advice to help minimize the risk of hard copy files, documents and records compromising your business.

Having a document management plan that details the process of documents from creation to destruction is one of the best ways to combat hard copy data breaches.

Here are 8 steps that should be the mainstays of a solid document management program:

  1. Conduct a Complete Inventory of All Documents
  2. Determine who is going to manage the process
  3. Develop a Retention and Destruction Schedule
  4. Determine the best way to store and manage your records
  5. Create and document proper procedures
  6. Create a disaster recovery plan
  7. Training and Implementation
  8. Maintaining and auditing the program

To find out complete details on how to establish a document management plan that protects your company check out this article: Create A Sound Document Management Plan

Shredding confidential documents is one of the best ways you can protect your business and yourself from a data breach. There are several options to consider when creating a document disposal plan. Mobile shredding and offsite shredding are the two best options when considering a shredding plan that can handle large volumes of shredding. Learn more about mobile and offsite shredding below.

Mobile Shredding

Mobile Shredding makes it very easy to witness the shredding of your documents. With a TV monitor located outside of the mobile shredding truck, you are able to observe all of your documents being securely destroyed.

By witnessing your shredding, you can have the peace of mind that your personal or company documents are destroyed while you watch. It also helps to ensure the chain of custody for your files remains intact until you receive a certificate of destruction.

Offsite Shredding

Drop Off Shredding is similar to mobile shredding in that you collect your documents in a locked bin at your office. Once the bin is full, a contractor comes to your location and picks up the bins. The bins are then transported to a secure shredding facility and destroyed.

The bins remain locked the whole time and the contractor never comes into contact with your documents.

Since the documents are not shredded on-site, the cost is usually lower than that of mobile shredding. However, some laws and industries require that you personally witness the shredding of your confidential documents.

Get Free, No-Hassle Quotes Today!

Shred Nations specializes in helping you find the shredding contractor that’s right for your business regardless of the size of the job. If you’re looking for a quote on document shredding services, please fill out the form to the right, or give us a call at (800) 747-3365.

Within minutes of receiving your request, you will receive quotes from shredding contractors in your area so that you can select the company that fits your project or your office best.