Data Security Experts Reveal the Biggest Mistakes Companies Make with Data & Information Security

By 2022, businesses are expected to spend 134 billion dollars on security software, hardware, and services, up from 103 billion dollars in 2019. And yet, data breaches persist. Most successful companies today, whether enterprises, mid-market, or small businesses, are either based online or have a firm presence online. The reality is that, just by conducting business online, any one of these companies can suffer a breach in data security. Even so, organizations continue to slip up on the basics, which costs them big. But there are ways for companies to fight back. Below are some of the biggest mistakes companies make with data security.
Businesses should be cautious about choosing a cloud provider that doesn’t let them choose which jurisdiction their data is stored in, or that cannot guarantee their data will stay there. Always check with a prospective cloud provider where they host their data. Good providers should offer hosting in a range of jurisdictions and should be able to talk you through the laws surrounding each jurisdiction so that you can make an informed choice as to which is the best place to store your company’s and clients’ confidential data.
Secondly, optimize your site for mobile use by a global audience, but don’t rely on apps for checkout. Build in security features like Content Security Policy, integrate external scripts as an added layer of protection for even trusted scripts, use HTTPS to avoid breaches in insecure areas, and educate customers to continually update their browsers. Make the process fast, simple, and intuitive for customers to use.
In 2019, businesses spent approximately 103 billion dollars on security-related hardware, software, and services, according to IDC, and that figure is expected to reach 134 billion dollars by 2022. Still, the data breaches keep coming. The 2020 Verizon Data Breach Investigations Report says the use of stolen credentials (usernames and passwords) is the top hacking technique in data breach incidents. This isn’t a new phenomenon. Using stolen credentials has consistently ranked among the top ways enterprises are breached.
Secondly, organizations don’t do an effective enough job ensuring user identities are appropriately managed. For example, when users change their job roles, credentials for the applications they no longer use may not be correctly deactivated. And even when staffers leave employment, such accounts can remain active for weeks, months, and sometimes years. Further, enterprises are often their own worst enemy when it comes to credential attacks. It’s still too common for teams to hard-code and embed passwords and encryption keys within devices, applications, and even software repositories.
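The two identity-management failures described above (access kept after a role change, accounts left active after someone leaves) can be caught by reconciling an HR roster against an export of application accounts. The following is an added example, not code from the original article; the roster, the role-to-application map, the account list and all field names are constructed assumptions, and it goes slightly further by also flagging accounts with no HR record.

```python
from datetime import date

# Constructed sample data (assumption): HR roster keyed by username.
HR_ROSTER = {
    "alice": {"role": "finance", "left_on": None},
    "bob": {"role": "engineering", "left_on": date(2023, 11, 30)},
    "carol": {"role": "support", "left_on": None},  # moved here from finance
}
# Hypothetical map of which applications each job role is entitled to.
ROLE_APPS = {
    "finance": {"erp", "payroll"},
    "engineering": {"git", "ci"},
    "support": {"helpdesk"},
}
# Constructed export of per-application accounts.
ACCOUNTS = [
    {"user": "alice", "app": "erp", "enabled": True},
    {"user": "bob", "app": "git", "enabled": True},
    {"user": "bob", "app": "ci", "enabled": False},
    {"user": "carol", "app": "payroll", "enabled": True},
    {"user": "carol", "app": "helpdesk", "enabled": True},
    {"user": "dave", "app": "erp", "enabled": True},  # no HR record
]

def audit_accounts(roster, role_apps, accounts, today):
    """Return (user, app, reason, days_stale) for accounts that should be off."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, nothing to report
        person = roster.get(acct["user"])
        if person is None:
            findings.append((acct["user"], acct["app"], "no-hr-record", None))
        elif person["left_on"] is not None and person["left_on"] <= today:
            days = (today - person["left_on"]).days
            findings.append((acct["user"], acct["app"], "left-employment", days))
        elif acct["app"] not in role_apps.get(person["role"], set()):
            findings.append((acct["user"], acct["app"], "outside-current-role", None))
    return findings

if __name__ == "__main__":
    report = audit_accounts(HR_ROSTER, ROLE_APPS, ACCOUNTS, date(2024, 3, 1))
    for user, app, reason, days in report:
        stale = f" ({days} days after departure)" if days is not None else ""
        print(f"{user:6} {app:9} {reason}{stale}")
```

Running the same reconciliation on a schedule, and treating any "left-employment" finding as a deprovisioning failure to fix, keeps the window in which a stale credential can be used short.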
Effective security awareness training is the answer. Users who are regularly taught to be more conscious of the risks will be more careful about which links and attachments they click on. There are services you can hire to send test phishing emails to your users to measure their skills at identifying the fakes.