How to Avoid and What to do after a Data Breach


With the proliferation of digital files and organizations' growing dependence on digital data, data breaches have become a fairly common occurrence. Though identity theft is the most common type of data theft, the financial sector is also a soft target for cyber conmen, which makes financial access data theft the second most common type of data breach. In fact, 2015 witnessed the compromise of about 120 million financial identities! Financial access data thefts can amount to an astounding annual loss of 13.5 million USD on average, the highest amongst all industries.

The Costly Affairs that Data Breaches Are!

A data breach is a costly affair to handle. Based on past incidents, the average cost for every stolen or lost record that contains sensitive information is valued at $141 (USD). Looking at the country-wise scenario as of 2017, the average total cost of a data theft is $7.4 (USD) for the United States and $1.7 (USD) for India.

So whether you like it or not, in case you do end up becoming a victim of a data breach, you will end up losing your money and brand name! The important question to ponder on is whether the pelf that you shell out is the minimum you ought to have paid or will you also join the league of those responsible for steering the upward growth of the average cost of a data breach? Although hackers have increasingly proven their mettle in cracking the most secure of systems, you still need to regularly reinforce your strategies for avoiding a data breach and dealing with its aftermath.

Here are some tips on how to avoid a data breach in the first place, and in case the data breach bug still manages to bite you, the following section shall give you the steps to take following a data breach.

How to Avoid a Data Breach?

1. Physical Data Breach

Human errors such as losing devices that contain sensitive information or sending e-mails to the wrong recipients are a regular occurrence in almost every organization. However, no matter how common such mistakes may be, they account for some of the top causes of organizational data breaches. A physical data theft can also result from the theft of devices or from meddling with permissions or security protocols. To protect yourself and your organization from such intentional or unintentional data breaches, you can resort to the following methods:

  • Encrypting the devices used by employees
  • Conducting a regular back-up of the devices
  • Ensuring that you password lock devices when not in use
  • Stowing the devices in secured and preferably locked locations
  • Being cognizant of custody chains by maintaining audit trails
  • Training staff for handling data securely and safely
  • Considering taking a professional indemnity insurance for the worst-case scenarios

2. Weak Credentials

Most individuals prefer not to spend much time or effort in choosing a strong password when protecting their devices or confidential documents. However, weak passwords provide an easy gateway for hackers to access data that you seek to protect from espionage. Often this could result in the compromise of your or your organization’s financial information, subscription information, personal information and other confidential data. To avoid risks of a data breach due to poor security controls, keep these tips handy:

  • Make it a point to enforce password policies
  • Ensure that you also have lock-out policies in place
  • Enforce role-based access controls while sharing enterprise data
  • Educate employees about the need to ensure rigid password protection
  • Implement 2-factor authentication in the organization

3. Application Vulnerabilities and Malicious Attacks

Enterprises are using newer and more sophisticated applications and software these days for effective handling of operations and offering a better consumer experience. Even an individual’s phone is stuffed with innumerable applications, whether or not they are required. While most of us do not bother to read the privacy policy and other terms and conditions before permitting an app to utilize our personal data and location, it is imperative to note that applications can result in data breaches in ways beyond our comprehension. Additionally, an organization, as well as any individual, is always susceptible to data breaches caused by malicious attacks such as ransomware, hacking and malware. Some methods which can be used to combat such data breaches are listed below:

  • Regular updating of all applications and software
  • Monitoring all key software closely, identifying vulnerabilities and handling them proactively
  • Educating employees about phishing emails and how to identify suspicious links
  • Implementing robust firewalls to dilute the chances of cyber attacks
  • Ensuring all systems are patched
  • Implementing network segmentation
  • Involving professional cyber security experts to help you or your organization in reinforcing data security and adopting prompt incident response steps

It is also essential to note that maintaining only your own cyber security is not sufficient. Just as your business is incomplete without your vendors and other business partners, you need to ensure that they adopt the necessary steps for cyber security too. To that end, you should establish a rigid framework of policies to ensure that your data is safe even when it is being utilized by a third party.

The bottom line is that apart from ensuring robust cyber security measures within the organization, combating data breaches also requires an organization to educate and train employees on cyber vulnerabilities and the methods of protecting confidential information. Organizing regular Cyber Security Awareness Training is also an effective means of educating individuals on how to remain vigilant and have proper security measures in place.

However, in spite of doing everything right, did you still fall prey to a data breach? So, here’s what you ought to do.

What to Do After a Data Breach or Identity Theft?

In case you have been a victim of a Data Breach or Identity Theft, the availability of your financial information to the perpetrators is the major cause of concern as it could be used to render you penniless. In such a case, a prompt data breach response is what can make a huge difference. Here are the immediate data breach response steps that you should take in case you suspect or have already fallen prey to a Data Theft.

1. Evaluate the Loss

Right after a data breach, one should carefully assess what has been stolen. Names and addresses are less of a concern than letting email addresses and financial details fall into the hands of hackers. A precise understanding of the stolen data shall enable the victim to decide the next course of action.

2. Request a Fraud Alert

The moment you suspect that you have been the victim of identity theft or fraud, consider alerting lenders and potential creditors by placing a fraud alert on your credit report. This is a free service provided by credit bureaus and requires creditors to provide a confirmation each time a credit request is issued in your name.

3. Check Credit Reports

In the aftermath of a data breach or identity theft, it is essential that you review your credit reports and history. Check for any signs of suspicious activities and payment histories or new accounts that are unknown to you. Also, make sure that you get fraudulent data removed from your credit reports using the identity theft report.

4. Analyze Credit Statements

Observe your credit statements carefully. If you notice any unnatural transactions or suspicious activities, call your card issuer immediately. In case of a credit card, they should be in a position to cancel your card and refund you the amount of the fraudulent purchase.

5. Freeze Credits

The moment you suspect identity theft, make sure that you place a freeze on your credit. This small step would ensure that the identity thieves are not able to open new accounts in your name. A credit freeze shall lock your complete credit information. However, do remember to lift the freeze before applying for a new credit card, loan or mortgage.

6. Take Preventive Measures

Although prevention is always better than cure, not many organizations and individuals take their data security seriously. Many small-scale organizations feel that they are too small an entity to be attacked by cyber conmen. However, what they fail to realize is that as long as there is personal data to be exploited, hackers are all game for it. It is essential for organizations to ensure that they have robust firewalls in place and engage in training their employees on cyber security.

Fortifying Cyber Security with Incognito Forensic Foundation (IFF Lab)

Incognito Forensic Foundation is a private forensic lab that is headquartered in Chennai and has a pan-Indian presence in the domain of digital and cyber forensics. Data breaches have become an everyday occurrence, and IFF Lab is committed to providing quality solutions and services to organizations and individuals to avoid a data breach and adopt a robust data breach response mechanism. You need to be proactive to keep a data breach from impacting you or your organization in a significant way. And for the rest, IFF Lab is there to assist you. With their services for data protection and information security, penetration testing, website security and application testing, network protection, darknet monitoring, unethical hacking investigation and incident response, one can rest assured that IFF Lab would leave no stone unturned in assessing an organization’s current vulnerabilities and providing solutions to fortify cyber security.
