In just two years (2018 to 2020), the average cost of a data breach has risen 31%, from $8.76 million to $11.45 million. Those same two years saw a rise in the number of breach incidents of 47%. If data security in your organization is not a high priority, then legal fees will be. What are your biggest threats when it comes to data breaches, and what can you do to wrap a dynamic security wall around your customer data?
Who Wants to Steal My Data?
Risk assessment is a key security function in every company, and it may surprise you to learn that the biggest threat you face is employee negligence when it comes to data breaches. Yep, you heard that right; it’s not that your doors don’t have large enough locks on them; it’s that your employees forget to close them in the first place. We’ll call them Negligent Insiders.
You also have to keep an eye on malevolent employees. Roughly equal in size to the threat you face from negligent insiders is the threat from Malicious Insiders.
That’s not to say that you won’t face a threat from clever criminals that break into your company’s data. Unfortunately, a large number of them don’t even have to break a sweat to infiltrate your company. They can depend on both types of insiders to help them out, wittingly or unwittingly. This threat is the Credential Thief. Credential theft is a type of identity theft that exposes a victim’s personal data to the thief.
Negligence, malice, thievery – an excellent series binge, but not so excellent for your corporate ledger.
The Cost of a Data Breach
There’s a bit of scaling when it comes to the cost of a data breach. By far, the most common cause of a breach is the negligent insider, and the least common is the credential thief. However, the most expensive type of breach comes from the thief, and the cost scales down when the cause is negligence.
Insider violations account for just over 60% of incidents and cost on average about $307k. However, the per-incident cost nearly triples with identity theft-based breaches (over $871k).
Here’s a quick average yearly cost for these types of incidents:
- Negligent Insider: $4.58M
- Malicious Insider: $4.08M
- Credential Thief: $2.79M
Why Do Data Breaches Cost So Much?
Recovering from a data breach is not just a matter of removing the malicious party and refunding the affected victim. It costs money to drive your company surveillance plan, conduct an investigation, respond to each incident, contain the threat and remediate. On average, it takes over two months to close an incident, and these costs all scale with the size of the company and the depth of the breach.
How to Minimize the Threats of Data Breach
There are clear signs that your organization is in danger of a breach incident. Here are some to look for and security solutions to help cut the threats off at the pass.
Untrained employees make for negligent insiders
Call centers handle credit cards, personal customer data and account numbers ripe for data theft. When employees are untrained in your best security practices, they become instant negligent insiders. Employee training is time-consuming and costly, which is why the time investment and quality of employee training are often lacking. This is especially true in call centers where high turnover rates are common. There are, however, some time-tested methods for rapidly training employees in security practices and compliance requirements by using your existing call recordings. It makes sense to put the time and effort into training your employees because data breaches carry a high cost, as do compliance violations.
Shadow IT opens all the wrong doors
We’ve never had a more tech-savvy workforce than we do today. While that sometimes alleviates pressure on your IT department, you can add new pressures when employees use personal devices for company business. This practice, commonly called “Shadow IT” can significantly weaken company security. Your IT department may have successfully secured the company desktop that your employee works on, but what happens when that employee decides to use their mobile phone or personal laptop for company business?
Using personal devices at work is very common, and it can happen through telecommuting or on a long lunch break where an employee decides to log in and get some work done from a cafe or even right at the employee’s desk.
There are multiple approaches to handle this security issue. When on-premises, insist that your employees use only company-provided hardware and software for company business. For your remote workforce, train your employees in security practices and use tools like VPNs to maintain a consistent level of security. Again, a critical area of concern is company phone calls, as they often contain the kind of data thieves like to exploit. Having a secure remote call recording solution is your best bet to encrypting and securing that data, so it’s not the prey of negligence, maliciousness or thievery.
Willfully Negligent employees
Everyone cuts corners from time to time. However, when one of your employees mishandles a credit card number by including it in an email or jotting it down, they’ve broken compliance, increasing the threat of breach to your company.
This issue can be more complex because how employees choose to handle customer data inside the company varies. Rather than trying to track every single type of mistake an employee can make, train them. And don’t just train them in company policy and procedure; take a minute to teach them about compliance and the costs associated with data breaches. The more your employees understand why they have to follow specific procedures, the more likely they will stick to them.
Out-of-date software
Keeping security and software up to date can be a very tricky issue. Every company goes through the pain of rolling out new operating systems and updated security patches. These rollouts can cause delays, shutdowns, blue screens and often lead employees to shadow IT practices. Painful as it may be, security patches should be one of your IT department’s primary concerns since both malicious insiders and credential thieves are acutely aware of how to exploit systems that haven’t been updated.
The difficulty of rollouts is one of the driving forces behind evergreen software solutions and SaaS platforms. If your company can take advantage of any such solution, the security benefit is well worth it.
Defend Against Data Breaches
Think about the data you need to protect. What components do unsavory cybercriminals want to lay their hands on, either through insider action or by direct infiltration? Credit card numbers and identity info are the most lucrative things to steal. Do a security assessment and find out if these items are exposed anywhere in your company, especially your call center. Your call center should have a PCI compliance plan and agent screen recording to protect your most vulnerable data and ensure employee compliance.
Let us help you go over your call compliance plan and protect your business from potential data breaches. Request a demo with one of our compliance experts to learn how CallCabinet can help ensure compliance and secure your customer data.
Brian is a freelance technology writer and media editor based out of Central New Jersey. He’s logged 20 years of experience in the Telecom industry and side-hustles in the record industry. Brian started his career in technology at a company that made analog modems. He migrated to a marketing career in the call recording industry where he learned exactly how and why calls are monitored for quality assurance. These days Brian fuses his skills together to deliver his researched observations about telephony and compliance laws in polished articles and videos. He’s also composed the music for a long list of big Hollywood trailers. He does not miss the sound of analog modems but he is endlessly fascinated with phones.