We've said it before and we'll say it again: when it comes to staving off data breaches, the importance of updating software can't be overstated. To reinforce that point, just take a look at some of the findings from the 2015 Verizon Data Breach Investigations Report:
- 99.9 percent of vulnerabilities exploited in data breaches were more than a year old at the time of exploit.
- Some of these vulnerabilities were almost eight years old.
Let that last tidbit sink in for just a minute. Some of the software exposures that allowed for present-day cyber attacks can be traced back to 2007! While software update reminders often pop up on computer screens at inconvenient times, that's no excuse for businesses to ignore them for months and years on end.
These security patches roll out for a reason: to fix bugs and exposures that could lead to data breaches. Once patches are released, hackers can reverse engineer the updates to find the vulnerabilities in old software and exploit them.
The report does offer some good news. Though malware-driven data breaches are still a problem for conventional networks, they aren't really hitting mobile. Android devices may be much more vulnerable than Apple devices, but only .03 percent of them have truly malicious infections. That said, mobile data breaches that stem from loss and theft of the device are still potential problems.
In short, the report is a reminder that small security measures have a big impact. Let's review how much data breaches cost and how businesses can sidestep easily avoidable exposures.
Small Security Oversights = Big Data Breach Dollars
The Verizon report notes that the predicted average loss for a breach of 1,000 records is between $52,000 and $87,000. (To learn more about how Verizon devised its estimated loss model, check out this press release.) However, the type of records stolen plays a key role in the final cost of a breach. As we've mentioned before, an exposed medical record may cost 10 times more than a stolen credit card number.
A 2013 report by the National Small Business Association offers a figure specifically for small businesses: the average cost of a data breach was more than $8,699. However, that number doesn't account for the cost of lost productivity and reputational damage. Customers are on high alert when it comes to data breaches and are wary about handing over their sensitive information to businesses that have made headlines for their security deficiencies.
Good thing a Cyber Liability Insurance policy may help pay for recovery costs, including expenses related to rebuilding your brand's image after a breach.
Steering Clear of the Data Breach Danger Zone
So how can your small business evade those pricy breaches in the first place? Simply put, be vigilant, and get your employees on the data security bandwagon, too. Here are some reminders:
- Train your employees on best practices for data security (e.g., how to avoid phishing schemes).
- Promptly install patches and require that employees do the same.
- Encrypt sensitive data, especially if you handle financial information or medical records.
- Use two-factor authentication for business accounts.
For more data breach facts, check out the post "Top 8 Data Breach Misconceptions."