If you look back on the last year’s worth of data breaches, there were over one million identities compromised. And, according to a recent Forrester report (“Lessons Learned From The World’s Biggest Data Breaches And Privacy Abuses, 2016”), that number doesn’t even take into consideration the two separate Yahoo breaches that were discovered near the end of the year. Even more eye-opening: the five largest breaches accounted for 75% of breached customer records, and just three industries (technology, government, and retail) generated 95% of all breached customer records.
There is a simple ‘lesson learned’ that caught my eye from the Forrester report mentioned above. It’s never been more important to ingrain respect for privacy and for data into the culture of the organization. A data breach has far wider implications than just the loss of the data itself. The incredible privacy violation itself is huge – and exposes consumers to a wide variety of issues. Case in point, the IRS tax fraud scams over the last few years are likely the result of SSNs sold from some of the major breaches a few years ago (Target, for one). The loss of consumer trust and the tarnished corporate brand are equally important ramifications of a breach. And finally, and most obviously – the loss of the data itself is, as they say, priceless.
With so much to lose when it comes to a data breach, and so much to learn from them as well, there are some simple ways to safeguard user credentials, and the data those credentials grant you access to, that could prevent so much loss.
A big one for me goes back to respecting both the privacy of customer data and the data itself. The nature of security incidents today makes it very clear that security controls alone can’t prevent all data breaches. There also needs to be a level of respect for privacy and a sense for the pricelessness of data ingrained in corporate culture, in tandem with the right technology in place. In truth: users need to look at corporate data the same way that they look at and treat their data: as their own. Our Market Pulse Report last year cited that consumers would cease doing business entirely with an organization after being breached, yet they didn’t hold their customers’ data to that same level.
Further, employees should feel empowered to raise their hand if they spot mistreatment of data that could expose the company to a breach. To enable this, there should be more emphasis placed on the importance of security awareness training for all users. As an example, our own security awareness training program at SailPoint is designed to be easily digestible, understandable and simple to implement.
Ultimately, it’s become far too common to see another company thrown into the spotlight for falling victim to a data breach. For the most part, those not affected by the latest breach of the day/week/month/year silently pat themselves on the back because it wasn’t their company in the headlines or their identity stolen, and move on with their day. It’s become our new normal as a culture. But it’s those organizations that make it very clear to every employee within the company that their identity, and the data they have access to with that identity, is worthy of being safeguarded that will step ahead of the pack in 2017.
Putting the ‘R’ back into respect when it comes to privacy and data, and ingraining it within company culture, will give employees a true sense of accountability for helping to safeguard corporate data and their own privacy as well. It will also empower the business as a whole to run smoother, enabling business leaders to move forward with confidence, knowing that their users, and thus their data, are safe from theft. That’s a powerful thing.