Data security is a major issue for businesses and organisations today. Ensuring that your data is secure is becoming more important every day and vital to business operations. A report from CDW showed that data loss has emerged as the top cyber security challenge that medium and large businesses are now facing.Data loss damages organisations in a large variety of ways and is expensive, with estimated costs around USD200 per record breached; an average of USD6.8 million per total breach. A number of high-profile breaches outline this concern.
In January 2007 TJX Corporation announced that they had been the victim of one of the largest breaches ever. Over 45.6 million credit/debit card numbers were taken from their systems over an 18-month period. The breach ended up costing TJX a whopping USD256 million.
Recently, in March, a breach occurred at Global Payments, one of the largest payment-handling organisations globally. In 2011, alone Global Payments handled USD120.6 billion in Visa and MasterCard payments.
The impact of natural disasters
While data breaches and attacks are of high concern, they aren’t the only risk. Many forget the impact that natural disasters have on data security. Hurricane Katrina is a telling example of why nature is just as much of a concern. Adrienne Moncrief Hemphill ran a small thriving make-up business out of her home in Bay St. Louis, Mississippi, when Katrina hit. She lost everything in the storm, her catalogues, her website, her inventory of products and her most valuable item, her mailing list.
“I sat down with a woman who worked with me and we tried to recreate my customer list from memory,” she related. “Eventually we were able to remember about 150 of the 500 customers I had. I was then able to get my website back up and running, and between the website, a book I had written that has been on sale locally and various stories I have had in the local newspapers regarding my consulting business, over now a two-year period maybe another 200 of my former customers have found me – I didn’t find them. So now I have back about 350 of the 500 I had the day Katrina hit.” – Quote from Impact on U.S. Small Business of Natural & Man-Made Disasters Report.
The examples above outline the clear importance of data security. To cope with this, here are a few tips to consider ensuring your data is secure.
Choose the right data centre
Having a secure, remote storage option is essential, but when choosing your provider it’s important to ensure the data centre is SSAE 16 compliant. In June, 2011, SSAE 16 replaced SAS 70 as an auditing standard for service organisations. If the data centre isn’t up to SSAE 16 standards, look elsewhere.
If you’re processing payment information, especially credit cards, then ensure that the data centre is PCI compliant. PCI standards were created to curb high-profile security breaches. Ensuring PCI compliance means that the data centre:
- Builds and maintains a secure data network
- Protects cardholder data
- Maintains a Vulnerability Management Programme
- Implements strong access-control measures
- Regularly monitors and tests networks
- Maintains an Information Security Policy
- Ensurse hard data is secure too
While many organisations have dealt with the obvious concerns like secure online back-up, secure network communications, servers kept in secured spaces or compliance with certain initiatives, the more subtle, yet potentially more important, data is right there in front of us and we don’t usually notice it in our information technology strategies.
What about the filing cabinets filled with organisational history that could span decades if not centuries of sensitive information? What would you do if there were a flood or fire? How easily could you reconstruct it and at what cost?
Information technology strategies often neglect this crucial source of “information” or data because it is unstructured (not natively digital and not easily searched for relevant data within it). However, this data can be the lifeblood of an organisation. Effective information technology and data security strategies should account for all data and seek to bring unstructured data into the structured world for easier inclusion in the overall information technology strategy.
Becoming much more mainstream, cloud-based applications offer a great level of data security (data centres with high-level, built-in security and redundancy while addressing the business continuity question at the same time. Work from anywhere, anytime, even after a catastrophic event at the office. There is clear value in the cloud.