Here at HelpSystems, we hear a lot of buzz about protecting both customer and company data, but it's alarming how many IT departments and enterprise users are still not protecting their data correctly. According to the Ponemon Institute, fewer than 50 percent of organizations have comprehensive encryption protection in place.
Prevention vs. Remediation
Data and network security should be the basis for every IT decision, but too often it’s an afterthought.
The numbers back this up: three quarters of security professionals focus on detection and containment rather than prevention. The budget that could have gone towards preventing an attack or breach is instead allocated to “detection, containment, recovery, and remediation activities.” But that budgeting may not take into account costs incurred by compliance fines, compensation, and the loss of current and potential customers.
A lack of data security can often be attributed to corporate culture and the fear of change. Most companies at the corporate level agree they are committed to data security and protecting customer records.
Related Reading: 10 Cybersecurity Tips and Best Practices
Data security for the millions of files sent over the Internet or within the cloud is of great importance to all industries, including health care, retail, banking, and finance.
Internet transfers include the critical data needed to conduct business, such as customer and order information, EDI documents, financial data, payment information, and employee- and health-related information. Many of these information transfers relate to compliance regulations such as PCI DSS, SOX, HIPAA and HITECH, state privacy laws, or other mandates.
If a company's official stance is to protect their data, what is causing the security holes?
Security Stances Should Extend Beyond the IT Department
The largest security gaps tend to exist in the departments outside the core IT organization. While these non-security-focused groups may understand that they handle sensitive data, they often don't place the same value on data security practices as the IT Security team.
Luckily, the number of companies that still allow their employees to perform file transfers directly from their desktops and laptops using FTP or other unsecure tools is shrinking. And that’s a good thing: not only are these ad-hoc methods usually unsecure and capable of exposing passwords or entire databases, they don't all function alike and don't provide centralized logs or overviews of how your data is flowing within or outside of your organization.
Related Reading: How a Data Security Breach Puts Your Organization at Risk
Even when a secure solution is in place, employees often try to find a shortcut around the solution in another way. If the security solutions in place aren’t user friendly, they may as well not be implemented at all. It’s critical that departments throughout any organization know what tools are available to them, how to use them, and most importantly why to stick to the prescribed tools rather than bypassing them.
Employee Education: The Number One Prevention Method
Educating employees about the dangers of unsecured data transfer, alongside its cousin unnecessary data transfer, is more business-friendly than preventing unsecured file transfer all together.
Part of this process should be moving everyone to a secure file transfer methodology, such as managed file transfer. Secure file transfer software is the front line of data security: it not only secures your data transfers, but creates a digital paper trail showing where assets are going. This is especially important when you consider all the data security compliance regulations in effect today.
Related Reading: New Tech and New Hacks: How Are Cyber Risks Changing?
Creating a Data Security Culture
Seventy-three percent of businesses agree that a strong security stance makes their business success much more likely. These are businesses that all prioritize weaving cybersecurity into everyday practice, including IT and overall organizational culture.
As IT security leaders expect attacks to rise, we need to grow a data security culture. This includes all aspects of data security for your organization’s files: awareness of the data you have on hand, limiting its exposure, and ensuring a secure way to move it from A to B and during file storage.
Gain visibility into and control over all areas of your organization’s data processing with HelpSystems’ suite of data security solutions.
Discover Data Security Solutions from HelpSystems