A data breach is catastrophic for any industry, but for the finance sector it can quickly lead to loss of consumers’ trust and reputation damage that could be terminal for the business. With research suggesting that a third of customers in finance, retail and healthcare will stop using an organisation if there has been a breach, our Director of Managed Services, Terry Storrar, gives five steps to minimise the risk of a data breach.
1. Be vigilant
Vigilance is key. An organisation’s strategy should include adhering to the most up-to-date practice guidelines and then proactively questioning its organisational set-up to identify the associated risks.
A business continuity plan should be in place and regularly reviewed at Board level. This way all the risks and implications to the organisation are visible from the top down, so that critical actions are not hampered by a lack of senior buy-in and budget availability.
2. Classify your data
Data classification not only ensures compliance with key industry regulations but also reduces risk. The most sensitive types of data should be subject to the most stringent levels of security, and the number of people with access should be kept to a minimum. Staff who are granted access must be familiar with the data classification and the protection of that data. If this critical and/or sensitive data were to suffer a security breach, it would pose a significant business risk.
3. Use patch updates
Manual updating is time-consuming, and all too often the latest updates are missed when they become available. Automated patch updating identifies vulnerable applications and then deploys the latest updates as soon as they become available.
4. Train your staff
Human error accounts for a large percentage of security breaches, with emails sent to the wrong recipient accounting for the majority of these. Training your staff leads to a well-informed workforce – this is imperative when avoiding a threat to an organisation’s IT systems. Ensure your organisation has a process in place that regularly reviews cyber security risks and that all staff are regularly trained. From board level down to the rest of the organisation, the technology is only ever as good as the people using it.
5. Foster a culture of security
Fostering a culture of security means ensuring that every employee within the organisation is aware of the threats they could face. Hackers are finding new ways to access data and employees need to be consistently aware of threats. In a cyber security landscape that is continuously changing, employees can no longer be trained through one-off training sessions; instead, create a culture of eternal vigilance and hyper security awareness to minimise the risk.