Posted by: David Scott
And why not? Everything gets more expensive as time goes by. In fact, the cost of breaches has risen for each of the past three years.
Symantec, folks who ought to know, says the average cost of a breach is around $3 million a year per business breached. If that sounds like a lot, realize that some businesses suffer losses of tens of millions.
Of course, ever more breaches require ever more security awareness training and education for employees: More cost.
The organization must also survey its firewalls and its virus and malware protections for currency and comprehensiveness, and just generally expend precious business resources (time, attention, money, assessments for returns, to say nothing of repairs to reputation and breached systems…), thus robbing energy and focus from that main thrust that should occupy any business: Business.
Most breaches and loss or corruption of data are due to human error: Blame the employees. Nah: Actually, there’s enough blame to go around. Management/leadership (both IT and Business leadership) must put the proper emphasis on security and associated awareness.
One way IT can help: Send out a regular (once a month?) Security Quiz. You can ask such things as “If a web site asks you to… should you….?” You get the idea; come up with a dozen questions. You’d be surprised how lax interns are, in spite of tight IT security orientations, delivered upon hire and start. Not to pick on interns (they probably get picked on enough); regular staff can be pretty abysmal in their actions and activities too. Give away some nominal surprise for the winner: a free day off? Use your imagination – coordinate with HR and management – evaluate the returns. Does the environment seem safer?
Don’t forget data’s liability in the era of portability: USB sticks, laptops, smartphones… Even e-mail is an element of portability: Do not let staff conduct business via personal e-mail accounts, Facebook, YouTube, etc. And make a determination, and publication, of expectations for appropriate use of official e-mail. If you don’t spell out the “dos” and “don’ts,” you’ll reap all sorts of silly, expensive results.
Unfortunately, in the era of all-access, all-the-time, breach and business reputation are always in play.
Stay on the responsible forward edge.
NP: How Deep is the Ocean – Ron Affif, jazz24.org