It seems data breaches are NOT a thing of the past and are occurring more frequently.  In a recent article by Tracey Kitten of Bank Info Security, the speculated end goal of a breach is for hackers to collect PII (Personable Identifiable Information).  This information can ultimately be used to steal a person’s identity, overtake bank accounts, and even spy on corporations and government.  When enough PII is collected, hackers will try to infiltrate the systems and networks with phishing attacks. 

Notifying customers of a data breach should not be a burden because after all, they are a company’s assets.  The notification process should already be part of a company’s data breach response strategy, if best practices were followed in developing a response strategy.  A data breach is costly to the bottom line and also to the reputation of the company.  Having a customer find out on their own that their information has been compromised will not sit well with them or the public eye.  How your company wants to notify customers is all up to you but it should definitely not be burden to let the affected know firsthand.  

However, the best defense is to do everything to prevent the breach. 

Protecting your company’s bottom line and reputation after a data breach can be very difficult and costly.  So it is a good practice to have a data breach response strategy in place just in case you have to answer all those daunting questions from “how does this breach affect the company’s financial situation” or “how did this breach occur?”  It’s best to have a response strategy in place so your company is not scrambling to find answers.   

In an article on “How to develop a data breach response strategy” written by Kim Getgen and John W. Woods for Searchsecurity.com, both bring forth the reality that most security professionals are aware of how commonplace cyber threats are becoming.  Kim and John suggest ways to develop a data breach disclosure strategy in case your company becomes a victim of a breach. The guide should help your company respond timely and wisely to a data breach.

“Sony on Monday said that it expects the cleanup cost from the data breaches it's suffered to cost at least $171 million,” reported by Mathew J. Schwartz of InformationWeek. 

$171 Million. Think about it. And there are the public relations clean-up costs as well. 

Loading up your network with multiple layers of security protection is of paramount importance if you want to do all you can to prevent a costly data breach. The money a company invests in securing their network is inexpensive compared to the cleanup costs and tarnished brand that could occur as a result of a breach.  Moving to a least privileges environment is a best practice to be highly considered.  As noted in Neil MacDonald’s recent blog post, “One of the top recommendations I made to increase your security “bang for the buck” in 2011 was to increase the percentage of users that run without administrative access.”

Removing administrator rights from the end users significantly reduces the number of malware introduced they will not have permissions to download or install unapproved software that could corrupt your endpoints.  After removing administrator rights, IT can utilize privilege management and application control software to enforce consistent policies for endpoint access to enterprise applications and desktop functions by controlling user rights for desktops and mobile users.   

Do you know the cost of a data breach?

As reported in PC Pro by Nicole Kobie 04/21/2011: ISPs and telecommunication firms in the UK will be required to tell the Information Commissioner if they suffer a data breach. This reporting could become a mandate soon since the ICO has recently been under fire for failing to take action on many reported data breaches.

The new rules would be the first data-breach notification requirements in the UK, an ICO spokesperson told PC Pro. While the regulation is yet to be finalized, it "looks set to happen," the spokesperson said.”

The full article can be read on pcpro.uk.co: http://bit.ly/hl7jLa

Viewfinity knows the reality is that no company wants a data breach, let alone having to report it and making headlines in every media outlet. Mitigating IT Security risks at your company is crucial and it requires multiple layers of security protection.  Removing administrator rights from end users, combined with using a privilege management solution can provide that additional needed layer of protection to secure your endpoints and eliminate the public relations and financial disasters that go hand in hand with a data breach.