Five Ways to Reduce the Risk of a Data Breach
What do Uber, Equifax, and Three have in common? They’ve all experienced a massive data breach within the past year. And they are not alone.
By Anne-Louise Dam-Rasmussen, Communications Specialist | February 2018
Data breaches are on the rise and with the introduction of the GDPR later this year, now’s the time to take note. Data breaches are not just bad for your reputation, they’ll soon be really bad for business, too, as the GDPR introduces fines of up to 4% of a company’s annual turnover or Euro 20 million, whichever is higher.
Beware the dangers of digitalization
Automation and digitalization have opened up for new opportunities - but also new challenges.
Many organizations have become more digital to survive, increase their competitive edge, reach large audiences, and reduce their transaction costs.
Add to that the trend to spread out the modern IT environment across both cloud and on-premises, and you have a complex structure, which is difficult to manage and govern. Today’s IT environment means that more and more data is disturbed, and protection and control is more important than ever.
Balance risk and opportunity
Having said that, being able to create a digitally scalable business is key, as companies such as Airbnb and Google have successfully proved. But the key is also to do so without compromising on safety.
Risk and opportunity need to be balanced. No matter how successful you are, a data breach such as those Uber, Equifax, and Three have experienced cause tremendous damage to your reputation, in the form of lawsuits, in terms of fines for GDPR, and in terms of stolen IP, which could be misused by your competitors.
Being able to document that you are in control of your security and your identities’ access rights will to an increasing degree be something organizations’ business partners value. If data is lost, it not just affects the organization in question, but also that of its business partners. It is becoming a competitive advantage and for many a ‘license to operate’.
How to reduce your risk
Organizations themselves can take action to protect themselves from a data breach. Here are my five tips for getting started:
1. Train your employees in good IT behavior and in how to protect your organization’s data
2. Get an overview of your organization’s identities and their access rights – and find out where privacy data which could pose a risk to the company may be hiding
3. Clean up the accounts and get in control by closing down accounts with no owners, so only the right people, have access to the right things, at the right time
4. Introduce ‘segregation of duties’ to identity toxic combinations of access rights
5. Automate how you check identities have the correct access rights, ensuring they are validated and certified on an on-going basis. For GDPR, it is the case that what isn’t documented, doesn’t exist.