With Sony, Anthem and Home Depot all recently experiencing data breaches, fear is generating interest in data life cycle management.
It can be easy to dismiss the recent data breaches as something that only happens to large companies. All businesses, regardless of size or industry, however, possess valuable information, such as strategic plans, customer financial data, and confidential personal data such as Social Security numbers, employee medical data, wills and trusts. If that information is lost through a data breach, the consequences could be catastrophic.
“We’re living in a time where people are taking a lot of things for granted in terms of privacy and protection,” says Douglas C. Williams, CEO of Williams Data Management. “Losing sensitive business information can lead to a company going out of business.”
Smart Business spoke with Williams about the sensitive information businesses may not realize they need to protect and the consequences of inaction.
Where are the common threats of a breach of business information coming from?
A breach of sensitive business information usually happens within the storage, retrieval and destruction phases of the data life cycle. The misconception is that company staffers are following the enterprise security policy to protect sensitive information throughout that life cycle, and they typically aren’t.
This is because employees are accessing company servers through personal mobile devices and sharing information through cloud services. Once information is stored off-site in a shared ecosystem, it’s difficult to defend against leaks because information governance can’t exert any control.
Some companies think that documents are destroyed when they’re recycled. There is, however, a time before they’re shredded and put in collection units that documents can be recovered. Unless the information is destroyed by a certified vendor, it can’t be certain that a breach has been avoided.
And guess what? Companies that lease copy machines may not recognize that inside each one is a hard drive that contains images of all the documents they scanned, faxed or copied. At lease end, the machine goes back to the lessor along with all the information transacted on it. This creates another opportunity for a breach to happen.
Should a breach of sensitive business information occur, what could be the fallout?
In the Sony breach, for example, the fallout was that the private conversations and opinions of company employees were made public. That resulted in more than an embarrassment, it was a complete breach of trust that’s been difficult to repair. Sony CEO Amy Pascal shined the light on the risk to CEOs for an incident that could have been easily prevented by a proactive data protection policy.
If the information that gets leaked in a breach is regulated, like HR data, job applications and private health information, there are significant financial penalties.
There’s also the chance, should the breach occur, that a company gets a visit from a government official who wants to see what policies and procedures are in place to remedy the problem. Companies that have no plan may be subject to high fines, penalties and negative publicity.
What is the average cost to an enterprise due to a business information breach?
Penalties can be significant for a breach of protected health information (PHI), which is not just a problem for companies operating in the medical field.
Manufacturers of automotive parts, for instance, could be holding PHI, possibly because they have a self-insured health care plan. That makes those manufacturers covered entities and subject to Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act regulations.
Generally, losing sensitive business information is costly. Target Corp., which lost confidential customer information during a data breach, may potentially have to settle a $10 million customer lawsuit and win back the trust of their customers.
Think of the impact that a breach can have on your business and plan accordingly. Call a data life cycle management expert to help your company plan, store, retrieve and destruct data for greater security. Rely on the experts to devise a business continuity and disaster plan before an incident happens. ●
Insights Technology is brought to you by Williams Data Management