Wouldn't it be great if there were a simple way to reduce the likelihood and cost of a data breach? Well, there is. Simply having a conversation can fix many of the misconceptions employees and clients have about basic data security. How much money can talking data security with your employees and clients really save? Quite a lot. And there are three reasons why:
- The average employee is woefully uninformed about data security.
- Many data breaches are caused by a preventable user error.
- Data breaches are more expensive than most people think.
According to research from the Ponemon Institute, an organization that conducts independent research on data protection and information security, the average cost of a data breach in 2012 was $5.4 million. If that cost shocks you, take a moment to think about all the data breaches you've heard about in the news recently.
After their data breaches, Target, Neiman Marcus, and other companies had to pay for credit-monitoring services for their customers and conduct exhaustive investigations. Target is currently facing dozens of lawsuits (which might spiral into bigger, class-action lawsuits). Not to mention the millions of dollars in lost profits they've already suffered. Add up all these losses, and it's easy to see how a data breach takes such a huge bite out of your budget.
Below we discuss some of the misconceptions that lead to bad security practices – and expensive data breaches.
How to Correct Common Misconceptions about Data Security
Whether you're outlining data security policies for your own IT business or working with a client to teach their employees how to use their devices more securely, you'll face three main hurdles:
- Misunderstandings about cost. Business News Daily reports that when asked to guess what a data breach on their device would cost, employees estimated the cost at $500. In reality, data breaches can cost millions. As you talk with employees or clients, emphasizing the actual cost of a data breach (and showing them resources such as the Ponemon report) can help dispel this misunderstanding.
- Unclear policies. Employees might not know how to follow data security rules because the rules are unclear. In addition, some businesses don't consistently enforce these rules. Employees may have been told one thing during training only to see other employees adopt lax practices on the job. One good strategy is to codify data policies in an employee handbook and offer ongoing training sessions and reminders about proper mobile device and laptop usage.
- Unclear accountability. Many employees simply assume that someone else is in charge of data security for their devices. As an IT professional, you know this doesn't make sense. Each user is responsible for using their devices securely. But in reality, many employees simply think their network is secure enough to handle any mistake they might make with their iPhone or other device.
For more on teaching data security to your employees, make sure to check out our post Don't Let Your Employees Cause Your Next Data Breach.
New Push to Educate Employees: How One Tech Company Sees the Future of Data Breach Prevention
A BetaNews article recently profiled how Dell is responding to data security issues: by offering more data and device security training courses to customers through Dell SecureWorks, the company’s security service arm.
After surveying the tech landscape, researchers at Dell found that companies want more security training, and two-thirds of security managers have increased their company's funding for education. This research has led Dell to offer new security training programs.
Dell's new programs are aimed at teaching clients how to avoid common security threats including phishing emails. They also offer testing services and newsletters to keep companies aware of new threats.
What does it mean for small businesses when an industry giant like Dell makes this move? Well, first of all, it means there's money to be made in IT training and security consulting. And secondly, it means that, as Dell's research shows, clients are starting to realize that there is a huge gap between how secure they think they are and the reality.
E&O Insurance Protects Against Employee Error Lawsuits and Data Breach Liability
Errors and Omissions Insurance is crucial for IT companies whether you work in consulting, software development, system administration, or project management. Not only can E and O Insurance cover lawsuits after an employee makes a mistake, but it can also pay your legal expenses when a client suffers a data breach and sues you.
To see a full explanation of cost and coverage options for E&O Insurance, look through these cost estimates and sample insurance quotes for small IT businesses.