in the ever-evolving digital landscapecompanies and their employees must remain vigilant to prevent data breaches and make cybersecurity one of their top priorities.
While there is always a threat to the sensitive information companies maintain, local experts say there are some simple steps companies can take to reduce the risk.
Human Factors
Andrew Lindley, CTO of Travelers Rest-based, said the vast majority of data breaches are caused by someone doing something they shouldn’t. Premium Business Solutions.
QBS provides payroll and other business services to companies in every state in the country, and because it handles some of the most sensitive data a company has, it takes cybersecurity very seriously.
According to Lindley, more than 80 percent of data breaches occur when someone within an organization clicks a link they shouldn’t have. And because such deceptive messages and the malicious links they contain are ubiquitous and sent to personal and corporate devices across the globe, employee training is critical to mitigating risk.
“The amount of money and resources devoted to cybersecurity is incredible, and even so, there are still loopholes,” Lindley said. “It’s all about trying to focus on the things that will have the biggest impact.”
Because so many data breaches stem from human error, having the right policies, procedures and training in place can make a big difference, says CEO and co-founder Eugene Luskin Sync.MDan Anderson-based company that has developed a platform that enables people to securely store and access digital health records.
Both Luskin and Lindley say social engineering is one of the most widely used tactics hackers use to trick people into revealing valuable information about themselves. Seemingly innocuous polls or games on social media lure people into revealing important details about themselves, which can then be used to illegally access sensitive data.
Luskin, who worked in data security at Microsoft for more than 20 years before launching Sync.MD, said that despite the Hollywood narrative, cracking data security is actually technically difficult and risks being discovered. That’s why hackers find shortcuts by letting unsuspecting users reveal useful information, and the numbers show that this tactic works.
Educating employees on data security and doing so on a regular basis can pay huge dividends, Lindley said. For example, as part of QBS cybersecurity training, the company sent mock phishing emails to employees to see if they would click on suspicious links.
Through training, the company was able to reduce click-through rates from about 35 percent to 6 percent. This highlights the effectiveness of training, but also reveals a stark reality in the cybersecurity world: there is always some risk.
technical loopholes
New vulnerabilities are emerging due to the proliferation of connected devices and the increasing shift to remote work, Lindley said.
“I can almost guarantee that the home network is less secure than the (corporate) network they’re dialing into,” Lindley said.
Combined with the certainty that other devices such as game consoles, mobile phones and laptops are connected to the same network, the risk factor rises significantly. An increasing number of appliances and smart devices are also connecting to home networks, adding another set of potential vulnerabilities.
To combat these vulnerabilities, Luskin and Lindley say companies should focus on the following areas:
- Make sure all software is up to date and security patches are installed as soon as they are released.
- Implement a layered data security policy whenever possible. Limit data access to only those employees who need access.
- For smaller companies that need to outsource cybersecurity services, make sure the vendor you choose has the proper certifications. (For example, SOC2 is a certification developed by the American Institute of Certified Public Accountants on how customer data is handled.)
The bottom line, Luskin said, is that every company must make data security a permanent priority.
“It has to be done,” he said. “It’s better to overprotect your data… than get hacked.”
Simple steps to protect your data
- Make cybersecurity a priority. Train employees to be aware of risks.
- Control data access. Only grant access to those who need it.
- Monitor network traffic. Watch out for suspicious activity, such as unauthorized downloads.
- Make sure the software is up-to-date and install security patches as soon as they become available.
- Make sure employees protect computers and workstations before they leave for the day.