There are some categories where no company wants a first-place ranking: number of defective product recalls, number of malpractice suits and largest number of records exposed in a data breach, to name a few. (That last title, most records stolen in 2019 (106 million), went to Capital One, the McLean, Va.-based financial services giant.)
More than 137 million records were exposed in the 10 biggest data breaches in 2019, according to information compiled by the Identity Theft Resource Center and the U.S. Department of Health and Human Services. Six of the 10 largest breaches impacted medical or healthcare organizations, with two breaches hitting government agencies, one breach walloping a bank, and one breach striking an educational institution.
This past year the Identity Theft Resource Center also recorded 10,000 publicly-notified data breaches since 2005. Healthcare providers and insurance companies continued to be some of the hardest-hit targets this year, thanks to the overwhelming amount of personally identifiable information (PII) they gather.
Reaching for your Excedrin yet?
Data breaches are major headaches for high-security-risk organizations, like financial institutions, healthcare providers and wealth managers. They can cause devastating financial losses and affect an organization’s reputation for years. In its 2019 Cost of Data Breach Study, the Ponemon Institute, sponsored by IBM, found the average total cost of a breach is approximately $3.92 million and the average number of records in a breach is 25,575.
Beyond cost, hacking incidents cause severe side effects, like reputation damage, loss of trust and a diminishing customer base. Factor in reparations, potential fines and likely stiffer regulation, and it’s clear that following best practices for preventing a breach is better than the cost and grief of recovery.
With the growth of digital banking and the use of business analytics, as well as people’s reliance on digital shopping and ordering, we’ll see an explosion in the amount of sensitive data flowing around the world. Below are two trends predicted by the Identity Theft Resource Center for 2020:
The Long Road to Privacy
The theme of 2019 was data and 2020’s will end up being privacy. People care about privacy. If you ask anyone on the street if they care about privacy, most will tell you they do. However, when they are presented with real-world scenarios, they usually do not adopt behaviors that would be considered privacy-centric.
Data Breaches at the Forefront
As in years past, data breaches were also at the forefront in 2019. It is something that could continue to happen in 2020 because more businesses are moving to cloud-based databases. Many times the security of the database relies on the inherent security settings, which may or may not be robust, rather than custom security settings.
What can you do now?
Virtual StrongBox incorporates rigorous and comprehensive security practices to protect banks’ data and their customers’ PII. Consider these security protocols from our expertise and years of helping financial institutions safeguard sensitive information:
- Safeguard all data no matter where it is in your system. Of the 5 million hacked records in 2019, most of the stolen data was useless because it was secured by encryption technology. At Virtual StrongBox, our patented end-to-end security protects banks’ data and that of their customers at all times.
- Restrict downloads and external transfer of data. Your information is vulnerable when files are copied to flash drives, insecure software is downloaded, or data is sent via Bluetooth connections, as these all have areas of exposure. Rather than sending sensitive information via email, “snail mail,” fax or other weak channels, choose a secure file-exchange platform. Virtual StrongBox provides clients and their customers convenient, immediate access to their files and documents, while the data remains encrypted on our servers.
- Protect every computer and mobile device. Make sure your bank has appropriate security for all desktops, laptops, tablets, cell phones and company servers. Use strong antivirus software, internet firewalls, and security suites, and continuously track who has access to the equipment, regularly updating and testing security protections.
- Enforce a “strong password” policy and eliminate auto logins. Require various character types and force periodic password updates. Set restrictions on reusing old passwords or the same ones for multiple programs. Don’t allow employees to automatically log into websites and email systems unless they are secure, certified sites or computers.
- Educate employees and customers on fraud prevention. Set up automatic reminders to not open emails or download attachments from unknown senders or unfamiliar addresses. Urge them to never provide usernames, passwords, account numbers or any other PII in an email message or pop-up window. Email is not safe! Also, require staff to “log off” after using secure service sites.
Breaches aren’t going away. Cybercrime is a lucrative business and hackers will continue creating new schemes to get at your data. Fight back through constant vigilance, updating your software as new versions are available and using security best practices including data encryption. Financial institutions are prime targets for cybercriminals, and your customers trust you to safeguard their private information; make it a top goal.
Ron Daly is the president and CEO of Virtual StrongBox, Inc., a platform designed with the highest levels of data security required by Financial Service firms that enables the secure collection, storage and automated exchange of personal information between the firm and the digital consumer. Our customizable solutions help our partners quickly deploy consumer-driven innovations and new products as well as solve DX problems and create operational efficiencies at significant time and cost savings over other alternatives. For more information, visit www.virtualstrongbox.com.