Even the tiniest security gap can lead to a data breach. After a $5.5 million settlement, Nationwide Insurance’s breach serves as just one example of the growing number of data breaches each year—making it all the more important you have protections in place.
What Happened
Even the tiniest security gap can pose serious risks.
The 2012 Nationwide Insurance breach, recently settled for $5.5 million, exposed personal data like credit information, Social Security and driver’s license numbers, and other data collected to provide insurance quotes for 1.2 million individuals.
According to the settlement, the breach was caused by Nationwide failing to install a critical security patch for their systems.
Where They Went Wrong
In Nationwide’s case and in many others, breaches stem from businesses making the mistake of trusting and relying on only themselves to ensure they are always secure.
It’s important to consider the balance between security and efficiency. In the past, some data breaches have been caused by the decision to pass on security reinforcements to avoid inconveniencing the customer and hurting the bottom line.
During Yahoo’s data breach in 2015, for example, the Yahoo security team, nicknamed ‘the paranoids’, clashed with other parts of the company over the cost of security, ultimately leading to over 500 million Yahoo accounts being stolen because of insufficient protection.
Learning From Past Mistakes
On top of the financial damage caused by a breach like Nationwide’s, the total number of data breaches is rising year over year—making it all the more important to make data security a top priority for the future.
Identify Top Risk Areas
Start by performing a high-level risk assessment and taking a closer look across your people, processes, and technology to identify vulnerabilities like Nationwide’s uninstalled security patch.
During your evaluation, try to focus on the most critical areas instead of everything at once. In many cases hiring an external party for an assessment can help to find the greatest areas of risk.
Update Security Procedures
After identifying what needs protection most, another security consideration for breach protection is the system used to store and manage information.
As one example, the sole purpose of cloud storage providers is managing the security for the systems they provide. Safeguards they use include:
- Tiered Access Controls – minimize access to the most important information
- Automatic Security Updates – rely on storage providers to regularly manage and update system security and efficiency as well
- Cloud Encryption – central storage system requires login from user with valid decryption key to access encrypted files
- Two-Step Verification – send verification code to second device upon login to double-check true account holder is logging in
Destroy Before Disposal
For hard copies, always cross-cut shred sensitive files and information before disposing of them to prevent dumpster diving.
For digital formats, deleting data does not erase it permanently. Because software exists that’s designed to restore deleted or formatted data, it’s often recommended that the drive be physically destroyed instead.
System Self-Auditing
Less than 20% of companies regularly test and keep security plans and procedures up to date.
While auditing your own system, document “action items” and “lessons learned” so you can assign remediation afterwards to iron out any kinks before a breach can occur.
Besides regular system reviews, also be sure your protection plan meets minimum regulatory and legal requirements. Otherwise, a company can be considered negligent in its responsibilities in the event of a data breach.
Need to Step Up On Security?
Whether it’s helping to identify what you need to protect most or finding your most secure records storage and management strategy, Record Nations can help to provide all the tools and information you’ll need.
To learn more about various storage options, how to safely dispose of old data, or to get a free, customized quote for your security needs, give Record Nations a call at (866) 385-3706 or use the form on the right. In just minutes, you’ll be connected with our network of professionals ready to take your business to a more efficient and secure level.