Seven Data and Information Security Mistakes Even Smart Companies Make

Written By
ITBE Staff
Mar 6, 2015

Even smart companies can make data and information security mistakes. Over the past few years, the mistake-prone have included the largest banks, entertainment companies and health care providers. Even law firms are now vulnerable. And it’s not always a lack of resources that leads to vulnerability, although for some that’s an issue – it’s often about common traps that are easily avoidable.

In 2014, the average cost of a data breach to a company was $3.5 million, according to the Ponemon Institute. And some put the costs of Sony’s well-publicized breach in excess of $35 million. The impacts are not trivial, but companies can take steps now to reduce their exposure. In this slideshow, Digital Guardian has identified seven mistakes that even smart companies make, according to some top data security experts, and what you can learn from them.

Securing Only Networks

Securing networks is always a good idea, but endpoints are every bit as critical, particularly since many breaches occur due to human error (downloading malware along with that PowerPoint) or disgruntled employees. Anything connected to the network can be used to bring it down, including testing facilities, end-user PCs and mobile devices, says Artem Metla, OSCP (Offensive Security Certified Professional), security QA engineer at Ciklum. One successful attack can give someone with less-than-honorable intentions the credentials to acquire administrator permissions.

Not Aligning Security with Business Goals

Security projects cannot exist in silos; they need to match up with their overall impact on business goals and revenue, according to Kevin West, CEO of K logix. Security teams miss out on funding because their projects are just seen as an operational expense, not a business enabler. When this happens, data security overall is less effective, since no one except the security team knows why the project is important. Another critical component of getting the whole company aligned with security initiatives is user training. Given the popularity of phishing attacks and other social engineering tactics, employees must receive effective and ongoing training on secure user behavior.

Not Changing Passwords Often – or Tracking Access

Companies that don’t change passwords often – especially when employees leave – are open to data breaches. Disgruntled former employees can cause serious damage with their still-active passwords, according to Sean O’Donnell, chief technology officer at WebiMax. Additionally, companies must keep track of which users have accounts and access to ensure that passwords are deactivated upon departure.

Not Knowing Where Their Data Is

Data security becomes significantly less effective if a company doesn’t know what’s happening to its data – where it is being stored and sent, who’s accessing it, and how it’s being used. This information is critical not only to understanding the extent of the risks facing your data, but also for measuring the effectiveness of your security efforts. Christopher Burgess, CEO of Prevendra, Inc., asks “where are your crown jewels? Who can access them? What monitoring or anomaly detection is in place to alert of a compromise?”

Not Vetting Encryption Used by Vendors

The U.S. government requires FIPS 140-2 encryption for data. If an encryption method is not tested and validated by an independent laboratory, then the government considers any data encrypted using that method to be equal to plain text. That poses unnecessary risks to companies, particularly with regulators, according to Ray Potter, CEO and co-founder of SafeLogic.

Neglecting Data Governance

All the technology in the world won’t help if organizations fail to enact policies to protect their data, says J. Wolfgang Goerlich, cybersecurity strategist with Creative Breakthroughs, Inc. Companies need to know how new data is classified and added, who gets access to data and how often access is reviewed. Additionally, there must be policies around backups and redundancies, how data access is controlled and how data is purged. Companies should also evaluate whether their current data loss prevention technologies and strategies will effectively protect them.

Not Disclosing Data Breaches

Transparency at the first sign of a breach is critical for companies to win back customers and rebuild their trust, according to Giovanni DeMeo, vice president of global marketing and analytics at Interactions. Companies must communicate early – and often – about data breaches and what’s being done to remedy them.

These are just seven of the data security mistakes that smart companies make. You’d be wise to check out the 23 additional data security tips offered by experts on the Digital Guardian blog.