There are plenty of reasons for a business to make sure its data is secure. Not least of these is avoiding the embarrassment of landing in a conspicuous spot on one of the many “Top Ten Worst Data Breaches of 2013” lists. Some breaches come about through a mistake or negligence on the part of an employee. Others are a part of an elaborate scheme to steal data. Some come through lack of forethought and effort on the part of an organization. And nearly all of them might have been prevented by implementing strong data encryption and user management.
Data breaches on popular web services like LivingSocial (which had more than 50 million customer names, emails, and birthdays hacked), Evernote (which had to reset all 50 million of its users’ passwords), and the popular CMS Drupal.org (which had usernames and passwords for nearly 1 million accounts hacked) seem common enough. These types of breaches gather the big headlines because of the large numbers of users affected and because of the familiarity of the services.
Fortunately for many of the high-profile cases of user accounts and passwords being hacked in 2013, very few of them lost passwords stored in plain text. Most passwords acquired in the high-profile data breaches were salted, hashed, or fully encrypted. These precautions the companies took rendered much of the data useless for accessing the users’ accounts. But even without the passwords, the data breached could be very valuable to the hackers and anything from mildly annoying to extremely disruptive to the people whose information was stolen.
However, 2013 also had stories of data breaches that affected fewer numbers of people but where more serious data became compromised. For example, the Washington State Office of the Courts’ website was breached in the beginning of the year, and the personal information of as many as 160,000 people may have been compromised. In April, Schnucks grocery stores revealed that 2.4 million credit and debit card numbers were hacked. And at the University of Florida, an employee at the university medical center may have leaked patient data to an identity theft ring. Having personal medical data, social security numbers, or credit card numbers stolen creates far more potential for damage than losing usernames and email addresses.
Data breaches aren’t cheap for companies to deal with either. Symantec reported that the average cost of a data breach for a US business in 2013 was $5.4 million. But averages don’t tell the whole story. The kind and amount of data compromised will have the largest impact on the cost of the breach. And the biggest cost to any business will come from the loss of your customers’ trust.
Encryption and strong multi-factor user authentication are still the most effective ways to secure data. If you’re in charge of data security for your organization, you have to keep in mind every day what a data breach would mean for your business (and subsequently for your job). That’s why it’s important to take every precaution to keep data safe and secure. If you want to learn more about how you can secure your company’s data through encryption or improve your organization’s user authentication and password management, request a free trial of one of ASPG’s data security products.