Businesses and consumers alike have been hearing about data breaches for months now. With that in mind, securing customer data should be a top priority, and most businesses will say it is – and yet, judging by responses to a recent survey, maybe it’s not as high up on the list as it should be.
For a report set to be released this month, Trustwave Holdings Inc. tapped a third-party firm to poll 476 IT professionals, between July 2013 and November 2014, on security within their organizations. These professionals hailed from 50 different countries, though the bulk of respondents came from the U.S., the U.K., and the U.A.E. About three-quarters of respondents came from small to mid-sized businesses, and most respondents worked in tech, financial services, or business services.
What researchers found was that 81 per cent of respondents say their businesses store and process financial data, with 41 per cent dealing with data from payment cards. Another 71 per cent said they store and process intellectual property data, while 78 per cent regularly work with sensitive data while online.
Yet 63 per cent of respondents don’t have a “fully mature” method of tracking sensitive data, let alone keeping it under wraps. Another 19 per cent said they don’t have any method in place at all.
And while most businesses seemed to have procedures in place for doing regular vulnerability scans on their systems, installing patches, and keeping their offices physically secure, 68 per cent of respondents said their businesses often transfer sensitive data between locations. That increases the risk of data being lost – and worse, just 49 per cent of respondents said they’ve fully encrypted their sensitive data. Thirty-one per cent have only partially encrypted sensitive data, while 20 per cent don’t do any encryption at all.
For some businesses, one reason they don’t always put data security first might be their employees. Eighty per cent of respondents did have an established process for reporting security incidents, but just 60 per cent said they totally understood their legal responsibilities in securing data, with 35 per cent of respondents saying they had at least a partial understanding. However, five per cent were totally in the dark about their legal obligations in keeping data secure.
And in terms of employee education, a little less than half of respondents – or 47 per cent – said they get their employees to sign off on their business’s security policy each year. Eleven per cent go further and ask for signatures twice a year, while 18 per cent do it quarterly, but 24 per cent said they’ve never taken that step – which makes it much easier for an employee to slip up and open the way for a data breach.
Ultimately, businesses have learned a lot about data breaches in the past year or so, thanks to the flood of headlines about high-profile targets that have been hit by attacks. Consumers have heard about these breaches too – and businesses need to remember that to keep consumers’ trust, they’ll need to keep customer data locked down.