Experiencing a data breach is no picnic, but your security measures might start to feel like one – if you take the insurance company ACE Group's advice.
According to ACE's infographic [PDF], segmenting networks to minimize access to sensitive information is a core component of a data protection plan. But that sounds complicated, so let's put an interesting spin on it.
Let's say you need more whimsy in your life, so you go for a picnic. Little do you realize, you automatically manage risk while packing the picnic basket: everything goes in a waterproof container in case something spills. That way, if a diet soda explodes in the basket, your precious peanut butter and jelly sandwiches will live to see another day.
In this scenario, unauthorized data access is that exploding soda can and your sandwiches are your data – the valuable thing you want to protect. Separating the sandwiches from the rest of the meal in waterproof containers is like segmenting your data via different networks. Only you can access the sandwiches; unauthorized users can't.
Still need time to digest? Let's take a closer look at which parties may try to access your privileged data.
Know the Risks so You Can Have Your Sandwich and Eat It, Too
ACE analyzed data breaches its insureds experienced and found some startling trends. For starters, ACE's data shows that hackers aren't the only ones prowling for data – former employees are increasingly a threat, too. According to the report, in 2014…
- 40 percent of the data breaches were triggered by hackers and rogue employees.
- 20 percent of data breaches were caused by lost or stolen devices.
- 24 percent of insider misuse cases stem from former employees.
- 16 percent of data breaches were caused by human error.
As we noted in the post "23% of Small Business Employees Still Make This Critical Mistake," human error is perhaps your biggest data breach exposure and the hardest one to mitigate. In that particular report, we discussed how almost a quarter of employees open phishing emails. It's not that these employees want to hurt the business and expose its sensitive data – they are simply human and make mistakes. Unfortunately, you're the one who ultimately pays the price for these slip-ups.
Avoiding Soggy Sandwiches: Tips for Protecting Your Data
As we mentioned earlier, think of your data security plan as a picnic. In order to do that, you'll need to:
- Identify the food items you don't want to get soggy. This is the step where you pinpoint the important data and set it off to the side.
- Put those food items in waterproof storage. Store your sensitive data in a place where only authorized users can access it. Start by encrypting it, and then consider creating a separate network to house this information.
- Check your basket. Just like you wouldn't want ants marching their way into your basket, you also don't want hackers or former employees breaking into your network. Monitor your networks so you can see when an unauthorized party attempts to access protected information.
- Invite others to the picnic. People can't participate in the picnic if they don't know about it. Similarly, if your employees don't know about your security policy, they can't follow it. Train your employees on your policy and teach them best practices for mitigating data breach risks (e.g., regularly change passwords, only access data on approved software or networks, update software, don't open phishing emails).
For dessert, consider carrying a Cyber Liability Insurance policy. This policy can help you pay for data breach cleanup costs, such as notifying affected customers and patching up your network. Learn more about this coverage in "Want Data Breach Insurance? Try Putting It in Your BOP."