accesso Webinar Series: Security 101 – Best Practices to Protect Your Business
Whenever you provide personal information to a business or website, there is an expectation that the information will remain protected. It is no different when it comes to being on the receiving end of that very same data transaction. Your organization is in charge of keeping employee, guest and other sensitive data protected at all times. Watch as accesso Director of Information Security William DeMar presents an overview of cyber security, including best practices and tips for developing a more proactive approach to protecting your data.
What is a Data Breach?
The first step in understanding how to protect your venue from data breaches is to understand what exactly a data breach is. Data breaches are defined so that companies and individuals are aware of their responsibilities to protect personal information, and of their rights to be notified of any breach of that personal information. While the exact legal definition varies based on jurisdiction, accesso looks at breaches from this standpoint: a “data breach” is the loss, theft, or other unauthorized access of data containing sensitive personal and/or financial information, in electronic or printed form, that results in the potential compromise of the confidentiality of the data. Cyber security is your first line of defense against a breach that would cause your company and guests unwanted frustrations.
Why Security Matters
As a part of doing business, we all have a duty to ensure we provide adequate protection for the personal information of our fellow employees, our clients and our clients’ guests. The costs of ignoring data security are steep! A recent IBM study reports the average cost of a data breach is around $3.86 million, and don’t forget about all of the customer loyalty and trust that is lost. Sometimes there is no bouncing back from a cyber-attack. For smaller companies, a significant data breach could result in bankruptcy. In fact, 60% of small companies go out of business within 6 months after a cyber-attack that resulted in a breach of data.
Why Do Breaches Happen?
Several organizations perform breach studies every year, including Verizon, Ponemon Institute and CompTIA. Verizon’s 2017 Data Breach Investigations Report found that 62% of breaches feature some type of hacking and 81% of those leverage stolen or weak passwords, which is by far the most common tactic. When you consider the factors that cause these breaches, only 48% are caused by technical errors in a security system. These technical errors include misconfigured and unpatched systems, lost or stolen devices and poor data handling. A staggering 70% of data loss due to technical error happened because of misconfigured cloud storage servers, databases, and networks. Cybercriminals are aware of the lack of attention by system admins and of the existence of such misconfigured cloud servers, and they will continue to target companies as long as individuals continue to take a reactive approach to security instead of a proactive one.
How Human Error Factors Into This
Verizon’s 2017 report found that hacking was the most common breach type and led to the exposure of some 1.7 billion records; in comparison, human error led to the exposure of nearly 2.6 billion records. That’s nearly a billion more records than hacking! What basic security practices can we put in place to protect ourselves and our companies and make sure we as individuals are not contributing to this statistic? Most organizations are unaware that the greatest security threat could be internal, and not necessarily intentional: it may simply be the use of poor practices and a lack of fundamental security awareness. With criminal cyber-activity on the rise, not enough businesses are paying attention to the avoidable consequences of human error. Unfortunately, people still suffer from “this could never happen to me” syndrome, which is the assumption that since it has never happened here before, it won't happen.
Sharing passwords with coworkers, opening personal emails at work, opening malicious emails, downloading unapproved software at work, logging into unsecured networks, and sending sensitive information to the wrong recipient are some of the human errors that have led to large data breaches. These actions allow malware and phishing attacks to be successful, and accounted for 92.5% of incidents last year. Luckily, each and every one of these human errors can be avoided to eliminate internal threats to data. Whether your venue is a ski resort, theatre, water park, museum, or sports arena, it is very important to make sure your staff is trained and keeps up with security best practices. Just keep in mind that one human error could lead to a $3.86 million breach.
What Can You Do?
Simple fixes can be a great help when it comes to protecting your organization. Create unique, strong passwords that use a combination of words, numbers, symbols, and both upper- and lower-case letters. Don’t use easily guessed passwords, such as “password” or “user,” and stay away from personal information such as your spouse’s name, children’s names or pet names (all of which can be easily found on social media sites). Most importantly, try not to use the same passwords for work that you use on your social media or other sites; in particular, make sure you're using different passwords to log into any sites that contain sensitive personal or payment information.
If you have access to sensitive data, lock it up, shred it, or encrypt it. If you do have to email sensitive data, check twice before pressing send, and always secure your laptop when you have to step away. Keep in mind cyber-criminals are notorious for setting up nearby free Wi-Fi hotspots to snoop on your wireless connection or redirect your computer to a fake lookalike hotspot. If you travel a lot and your company doesn’t offer a VPN option (which is a way to ensure your connection is secure and encrypted), there are some good free ones to use like Hotspot Shield or TunnelBear.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by posing as someone trustworthy. To avoid becoming a victim of a phishing scam, never click on hyperlinks sent in an email; instead, go directly to the website. Verify the website you are visiting is secure by looking for HTTPS or a lock icon in the URL bar.
Cybercriminals are working together every day. They pass along logins and passwords in addition to massive amounts of personal data they have collected from unsuspecting victims. They are counting on one of us to make a crucial mistake, like any of the many examples we have outlined, in order to break into our organization's systems so they can steal data, commit fraud, or use the data for some other malicious intent. With that in mind, it is up to everyone at an organization to protect the data that surrounds us every day. The good news is we don't have to do it alone! There are many resources and partners that can help companies and their employees get a handle on cybersecurity, and the accesso team is happy to share the resources we have to help support our clients wishing to take a proactive approach to guarding against security threats.