For years the burden of cybersecurity has fallen squarely on the shoulders of IT professionals.
But when a data breach occurs, the organization as a whole takes the fall. This is why it’s imperative for this outdated model of risk management to change moving forward.
Cultivating a culture of security
Everything is digital nowadays. Taxes are done online, banking happens over the phone, and companies have more traveling salespeople than ever now that they’re all connected to the internet. With this change in how the world approaches business comes a newfound threat: hacking.
The cyberattacks that grab the headlines come in all shapes and sizes, from the popular ransomware method to physically stealing information from a hard disk drive. One thing is clear, though: chief executive officers are worried.
A CEO Outlook study by KPMG found cybersecurity currently weighs the most on CEOs’ minds. Protecting data is more important than ever, with the average data breach costing upwards of $4 million, IBM reported. So why, then, would they place that responsibility solely on IT?
Network infrastructures are more complex than ever, but an article by the Harvard Business Review argued that a high-functioning cybersecurity plan doesn’t start and end in the IT department, but rather it requires buy-in from the entire organization. This means employees from entry-level to the C-suite must be diligent about their safety practices. It’s no secret that insider threats are the most common cause of data breaches.
Develop an all-encompassing plan
Planning for malware attacks is a difficult process. You can’t really predict which backdoor hackers will get into—or what new techniques they might develop. But if one thing is certain, it’s that erasing data from retired electronic media like tapes and hard disk drives is a simple task every company can accomplish.
The HBR article reported that companies must regularly audit their own internal cybersecurity protocols, specifically in an effort to understand what they’re missing. One KPMG report found that 3 out of every 10 companies surveyed don’t even have someone assigned to this role. Without an employee in charge of this, companies make only a haphazard attempt at securing perhaps their most valuable resource.
First things first: Identify which person within your organization will oversee data security. This doesn’t necessarily have to be an IT professional, but it should be someone with buying power. This is to ensure that the business is able to quickly purchase solutions that would remedy a cybersecurity problem.
“Half of all businesses neglect to invest in information security.”
Although this shouldn’t have to be said, make sure there are funds available for these types of technologies. The same KPMG report found that 1 in every 2 respondents hadn’t even invested any money into information security.
Be sure to explore all the potential data breach risks. This doesn’t just mean network loopholes, but also physical risks. Hard disk drives only last, on average, about four years, yet they magnetically store a trove of information. This means once they’re moved offline into storage or thrown away, they still carry residual data that skilled hackers can access.
Not only is this akin to simply handing data over to hackers, but federal legislation like the Health Insurance Portability and Accountability Act mandates that organizations safely and securely dispose of any electronic devices that may have once held confidential information.
This is why many companies turn to degaussers as a way to ensure no trace of data is left on a hard drive. Degaussing is the act of demagnetizing the hard disk drives, wiping any residual data from existence—something a reformat or overwrite can’t accomplish.
Afterward, consider using a hard drive shredder to ensure there are no leftover pieces a hacker could get his or her hands on. When organizations make cybersecurity their top priority, they ultimately stand a better chance than those who put a few stopgaps in place and hope for the best.