Managing Data Breach Risk

Make It Your Business Priority

Bill Virtue

For today’s organization, managing risks to your critical information should be a business priority, not just an IT responsibility. We all know cyber-attacks damage reputations, destroy customer trust, and affect revenues. Yet, many organizations are still left wondering: What’s the true financial impact of a data breach?

Consider these facts:

  • Lost business costs average $3.72 million (IBM and Ponemon Institute’s 2015 Cost of Data Breach Study: United States)
  • 20% of customers terminate their accounts with breached companies immediately after an incident, and 40% consider it (Ponemon, Lost Customer Information: What Does a Data Breach Cost Companies?)
  • 54% of companies believe it can take anywhere from ten months to more than two years to restore a company’s reputation following a data breach (Experian and the Ponemon Institute)
  • 60% of breached small organizations close down within six months

The Data Breach Reality

The reality is that any company or educational institution that maintains personally identifiable information (PII) about employees, patients, or students, or that holds intellectual property, is at risk for a data breach. As highlighted by the White House, current state breach-notification laws can impose substantial complexity and expense. Even the most innocuous breach can require investigation and response costs, and draw further scrutiny from state and federal regulators.

A classic example is the laptop computer that contained unencrypted personnel files left in the back of a taxicab. The likelihood that the data on the computer will ever be used for identity theft or other financial fraud may be relatively low, but in most instances that will not excuse the company from providing notice to the affected employees and, in many states, the state attorney general. Notice of the breach may then result in a broader inquiry into the company’s security policy. The cost of simply investigating and providing notice can be significant.

Prepare for the Inevitable

Cyber risks will never be eliminated. Today, organizations must remain vigilant and agile in the face of a continually evolving threat landscape. For many organizations, governance directives such as HIPAA-HITECH, GLBA, PCI DSS, and others mandate encryption. In the Federal Government, encryption is required by entities such as FISMA, the OMB, and Presidential Directives, and is implemented using NIST, FIPS, and other similar guidelines.

However, proof that the data was encrypted often provides a safe harbor. For example, the HITECH Act requires that patients be notified of any unauthorized acquisition, access, use, or disclosure of their unsecured PHI that compromises their privacy or security. The HITECH Act defines unsecured PHI as any PHI that is not secured by a technology standard that renders it unusable, unreadable, or indecipherable to unauthorized individuals, and is developed or endorsed by a standards-developing organization that is accredited by the American National Standards Institute (ANSI). If PHI is encrypted, covered entities and business associates have a safe harbor and are not required to provide the notification otherwise required by section 13402.

Avoid Becoming the Next Breach Headline

Every day, you hear about another security breach at another big company. Don’t let your company fall victim. Dell provides simple, robust security solutions to safeguard your systems and data, enabling your business to quickly support new initiatives. Dell Data Protection and Encryption can secure your data and help you achieve compliance – and their robust endpoint security solution gives you the power to protect data from the PC to the cloud. This is particularly impactful, as most large enterprises have a hybrid client IT landscape. This solution really sets itself apart from the competition with:

  • Security, Manageability and Reliability – Only Dell offers advanced protection in all three areas of authentication, encryption, and malware prevention.
  • Comprehensive Data Protection – Dell Data Protection | Encryption runs on Dell and non-Dell PCs, Macs, self-encrypting drives, Microsoft BitLocker™, USBs, Android and iOS devices, and public cloud – protecting data wherever it resides.
  • One Central Console Manager – All endpoints are managed, including encryption policies, audit, and policy-setting capabilities, from one central location without disrupting existing IT processes.

Think Data Breach Won’t Happen to You?

You’re kidding yourself if you think that your organization is immune. Data breaches will happen no matter who or how big you are. So, it’s imperative that you safeguard your most valuable asset – your data. Our security experts stay on top of the latest trends, risks, and attacks. The team agrees – Dell Data Protection | Encryption is worth a closer look. Dell’s Data Security Solutions are designed to help you protect your data wherever it goes. The suite includes an Enterprise version; a Hardware Crypto Accelerator (expansion card), which offloads the encryption process to onboard hardware; a Cloud Edition specifically targeting cloud-based encryption; a Mobile Edition for iOS and Android devices; a BitLocker Manager, which augments the use of Microsoft BitLocker drive encryption; and a Personal Edition ideal for smaller organizations or departmental use. Whether on laptops, on mobile devices, or in the cloud, and whether for a larger enterprise or a small business, Dell can protect your data wherever it resides.

While there is no guarantee against a breach, organizations can manage their risk far better by becoming more vigilant in covering their bases.