Data breaches make the news when large companies are affected. Earlier this year, Arizona’s largest health system provider, Banner Health, was hacked. As one of the affected individuals, I can only think about the immediate cost that Banner Health incurred when they offered me and all those impacted by the breach a one-year credit monitoring service membership. Less visible costs that businesses incur after a data breach are:
- Potential long-term effects of losing intellectual property such as trademarks, designs, databases, software, research and development, and trade secrets.
- Increased cost of cybersecurity insurance premiums or denial of coverage.
- Impact of disruption to normal operations – for example, if the bulk of your sales are online and you need to temporarily bring the site down.
- The effect of lost customer relationships.
- Lost contract revenue due to possible contract terminations.
What can businesses do to minimize the potential risk of a data breach?
- Recognize that everyone is at risk and that cybersecurity is a huge issue.
- Educate yourself and your employees about vulnerabilities that can increase risk, such as weak passwords, phishing emails and malicious software.
- Implement strong IT controls like intrusion prevention systems (firewalls, anti-virus protection), require routine password updates, and stay current on system updates and patches.
- Implement restricted network access.
- Implement network monitoring.
- Have an incident response and recovery plan.
- Routinely test security and information systems controls.
Because all companies have some risk related to data breach, companies should aim to implement plans that minimize breach risks and avoid the costly aftermath: expenses, loss of customers’ confidence and possible permanent loss of customers.