As of 2014, the average cost of an organizational data breach was $5.9 million. The estimated cost of a general data breach was $201 for each individual record compromised. If you cringe at the thought of your business being responsible for nearly $6 million in liability, you may want to take some proactive steps towards avoiding a cyber-intrusion, such as:
1. Utilizing Encryption
Even if your data is breached, you can minimize the damages through encryption. Sensitive data should always be encrypted and even less critical data should be encrypted, if possible. Even if a cyber-attacker gains access to your data, it will be useless to them; they will not be able to read it. Employees should also be in the habit of encrypting data that they send through email and other messaging services.
2. Improve End User Security Awareness
All of the security controls in the world can't protect a business from improperly trained and educated end users. Employees and clients alike must understand that they need to keep their accounts secure. Educate them on password best practices and let them know about potential security threats. Also, encourage them to keep software such as web browsers up to date.
3. Authentication and Authorization
Identity and access management is one of the most basic ways you can protect your business. Granular security controls will ensure that each individual only has access to the files and abilities that they need to perform their duties. Consequently, a breach of their account will only lead to a leak of the data that they could access on their own.
4. Endpoint Protection
With mobile devices more popular than ever, endpoint protection has become a necessity. This involves making sure that the devices at the "endpoint" of any transmissions are suitable for receiving those transmissions. This can be as strict as making sure that only specific devices can connect or as loose as simply requiring that the devices meet a certain template.
5. Vulnerability Assessments
Some vulnerabilities may come not from the cyber realm but from the physical one. As an example, someone could steal a physical hard drive or data backup tape. Vulnerability assessments should be conducted regularly to assess how to minimize and respond to potential hazards before they occur.
Though you can reduce the risk of a data breach, you can't always avoid it entirely -- especially if you utilize third-party software. You may want to consider acquiring data breach insurance to protect your business should the worst occur. You should also develop a comprehensive disaster recovery plan so that any data breaches that do occur are handled properly. Finally, consider partnering with a managed service provider, since they can help assess potential threats to your infrastructure, educate you on security best practices and monitor your networks for potential breaches.