Data Not Hardware is More Often the Target in Cybercrime
A recent healthcare report issued by Surfwatch Labs identifies that patient data is more than twice as likely as hardware including desktops and laptops to be the target of cybercrime (64.4% for data versus 28.8% for hardware). It’s no secret that stolen data can have enormous value in unscrupulous hands. However it has only been in recent years that the perceived value of data has surpassed that of hardware.
There are a number of reasons why this is likely the case. The most obvious reason being that it takes a certain level of sophistication to be able to leverage stolen data to make money off of it, whereas a stolen laptop or desktop can be put to immediate use by just about anyone. Also, the sheer volume of data that is being accessed, stored and shared continues to grow in leaps and bounds.
According to an infographic published by CSC by 2020 data production will increase by 4,300% annually and more than a third of the data generated will live in or pass through the cloud. Given these figures it is no wonder data is big business for hackers. What’s even more frightening is the personal level of attack. Drilling down further in the same Surfwatch healthcare report, the type of data being stolen includes dates of birth, names, mailing addresses and social security numbers. If ever there was a better reason to be afraid of identity theft, it’s now.
With so much information available about the risks to personal and business data, why aren’t more organizations doing something about it? When we speak to businesses – both large and small, what we find the reason most often is the perceived complexity and expense surrounding data security. With numerous options on the market, misinformation about the cloud and ease of integration to existing systems, along with the idea that employees simply won’t use it, it is no wonder decision-makers often feel overwhelmed. Even with security requirements and legislation like HIPAA, while they are leading to better measures, the changes aren’t coming fast enough.
We offer the following tips when it comes to evaluating and purchasing security solutions including email encryption and data leak prevention:
- Find a trusted IT services provider who’s willing to have a frank discussion about your needs. If they tell you it’s going got cost hundreds of thousands of dollars (or even thousands depending the size of your business) and require weeks or months to implement, find another service provider.
- Look for solutions that don’t interrupt employee workflow. Email encryption and data leak prevention should work within regular email – in the same inbox – so that sending a secure message and attachment is as easy as sending a basic (non-secured) message.
- User control is an important part of security. Being able to recall encrypted messages and attachments long after they are sent (and read) is key: human error happens. Seeing who has opened your message and at what date and time ensures users never have to wonder if their message was received. Also, having the ability to stop recipients from replying to or forwarding messages offers added protection against massive email chains that increase the risk of content falling into the wrong hands.
- Know where your data is being stored and ensure your solution provider offers you flexibility to choose in which region or jurisdiction your data will be.
Bottom line: there’s no reason to be taking risks with your business and customer data. There are affordable security tools on the market that can help you overcome just about every obstacle.