{"id":2568,"date":"2013-08-12T00:00:00","date_gmt":"2013-08-12T00:00:00","guid":{"rendered":"http:\/\/otava.test\/avoiding-business-disruptions-caused-by-data-breaches\/"},"modified":"2013-08-12T00:00:00","modified_gmt":"2013-08-12T00:00:00","slug":"avoiding-business-disruptions-caused-by-data-breaches","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/avoiding-business-disruptions-caused-by-data-breaches\/","title":{"rendered":"Avoiding Business Disruptions Caused by Data Breaches"},"content":{"rendered":"

A recent study by the Ponemon Institute and Experian Data Breach Resolution reveals that 45 percent of organizations reported having suffered a data breach or security exploit over the past 2 years as a result of negligence or mistakes causing the loss of confidential business information. Thirty-four percent experienced a disruption in business operations, and 24 percent were victims of misuse or theft of confidential business information (i.e., intellectual properties).<\/p>\n

\"2013
2013 Data Breaches; Source: Ponemon Institute<\/figcaption><\/figure>\n

Last year I wrote the article, Michigan Cyber Initiative Reports \u2018People\u2019 as Weakest Link in IT Security<\/a><\/em>, citing the Michigan.gov\u2019s cybersecurity advice about Personnel Security Controls – \u201cPeople are the key ingredient to a successful organization, but people can be the weakest link for security of the environment.\u201d<\/p>\n

Countless data breaches can be attributed to human error, including sloppy IT security practices, like the recent healthcare data breach caused by a health IT vendor that had their firewall turned off for a month, allowing Google to index private data ( read PHI Indexed on Google? Reaffirming the Need for Business Associate HIPAA Compliance<\/a><\/em> for the whole story).<\/p>\n

Mistakes happen, but risk mitigation can start with preventionary tactics such as updated and consistent staff security training. Appointing a Risk Management and Security Officer to conduct training on simple policies to ensure physical and network safety can protect business data.<\/p>\n

According to a Ponemon Institute report, The Human Factor in Data Protection<\/em>, examples of employee behavior that put companies at risk include connecting to the Internet via an insecure wireless network; using personal mobile devices connected to their organization\u2019s network; using generic, unencrypted USB drives and others.<\/p>\n

The security of your organization also extends to the security practices put in place by your contracted vendors (business associates in the case of healthcare). For data center<\/a> provider\/hosting practices, a few physical security precautions include:<\/p>\n