Data breaches are a worry for any commercial business, and all business managers must make data security an important function within their organisations.
Recent figures suggest that 2015 had the largest data breach ever reported, with over 191 million records breached. There were also 9 mega data breaches reported; each mega breach had in excess of 10 million records.
These numbers are very disturbing and represent a 23 percent increase on 2014.
However, a more disturbing trend has been identified: more and more companies are choosing not to disclose the full extent of their data breaches.
The report identified that the number of companies choosing not to disclose the number of records lost increased by 85%. A conservative estimate suggests that the actual number of breaches and data lost will be in excess of half a billion.
There may be legitimate reasons why companies have chosen not to disclose data breaches, such as not disclosing sensitive information that might cause reputational damage or give competitors an edge when securing new clients. Whatever the reason, the non-disclosure is a worrying and disturbing trend.
Transparency of data breaches is critical when evaluating data security.
To protect a company's data, there are a number of actions a business owner can take. One of these is to have a computer systems audit carried out by a professional in this sector. They will review the current working practices and recommend changes to implement.
These recommendations may include ensuring that all anti-virus and anti-malware software is updated as soon as you are notified of changes. Make sure staff are vigilant and that, if emails are received from an unknown or untrusted source, no attachments within the body of the email are opened. Also make sure that the company has a resilient data backup and data restore strategy in force.
In a recent white paper discussed by the EU Council, one of the recommendations discussed was the responsibility for companies to disclose any data breaches. If this were adopted, it would focus organisations on ensuring their systems are robust and secure, as there is a possibility that disclosure would be part of the statutory accounts. Shareholders need transparency within any organisation, and disclosure of any data breach would form an integral part of the statutory accounts and reporting.