One of the more prominent setbacks in the cybersecurity arena for more than a decade now has been the widespread lack of awareness regarding the threats that face businesses, and in some instances the degree of ignorance is troubling. For example, several studies conducted last year revealed that many enterprise executives, and even leaders in the health care sector, were choosing not to invest more in security because they felt it was more affordable to simply run the risk of experiencing a breach.
This is not only discouraging, but completely insane to boot, as the cost of a data breach is extremely high and still rising, and this does not even take into account the economic damages associated with hindered customer trust and poor brand image. Additionally, a lack of awareness among leaders will almost certainly translate to higher risk of negligence among lower-ranking employees, as decision-makers are responsible for setting the tone of the security discussion.
With this in mind, it is not all that difficult to understand why negligence and employee errors tend to be among the most common causes of data breaches across industries today, despite being a straightforward problem to mitigate in many instances. The time is now for companies to take security more seriously, and this is especially true for firms in the health care sector, where breaches have consistently increased in frequency and in subsequent damages over the past few years.
Same old story
HealthITSecurity recently reported that two new reports have indicated just how dangerous negligence and poor training have become in the health care sector, as well as other industries for that matter. According to the news provider, one study revealed that employees are too often not aware of their responsibilities when handling patient data, most notably when they are tasked with deleting or disposing of the files for one reason or another.
Now, this is not necessarily only a product of poor leadership and decision-making, as it can be somewhat difficult to craft the perfect security strategy, which would essentially ensure that employees are supported and governed properly. When the policy leans too far in one direction or the other, the chances of rogue activities and other dangerous issues will be inherently higher.
"The challenge with the risks facing these areas is finding the appropriate balance between security and usability," the authors of the study told HealthITSecurity. "Organizations will need to review and deploy a proper combination of access control and encryption for data in transit as well as encryption for data at rest in order to reduce their risk landscape."
Citing the results of another study, the source pointed out that 37 percent of reported security incidents last year were caused by negligence.
"Incidents do not only occur at businesses that have payment card data or protected health information," Theodore Kobus of legal firm BakerHostetler, which conducted the research, told the news provider. "Privacy and data security issues are firmly entrenched as a significant public and regulatory concern and a risk that executive leadership and boards of directors must confront."
When business leaders do begin to take these matters more seriously and bring security up to the top of the priority list, they will have taken one of the more difficult steps in the right direction. Once they understand their company's strengths and weaknesses, the necessary support and solutions should become immediately clear.
Decision-makers might benefit from partnering with a managed service provider that specializes in email encryption, secure cloud and other mission-critical aspects of IT defense.