As 2017 begins, organizations, media and analysts alike are reflecting on the previous year’s events – and recognizing there’s much to learn about the state of data security. Although the space continues to evolve, issues like ransomware, user behavior, sensitive data management and compliance continued to incite breaches and wreak havoc across industries in 2016. Sectors like financial, legal and healthcare can face increased risks in each of these areas, particularly the small to medium-sized enterprises (SMEs) and startups within them. Below are four December news stories about developments in the overall security landscape.

Why startups must step up on data security (by Kate Bevan, Financial Times)

Compliance regulations and data protection laws apply to all businesses and individuals equally – from startups to global enterprises. Startups should make risk management, data protection and compliance initiatives top priorities from Day One in order to establish practices that protect the business as it grows.

Chicago law firm accused of lax data security in lawsuit (by Gabe Friedman, Bloomberg Law)

Johnson & Bell, a Chicago-based law firm, is working through a class-action complaint that the firm failed to protect the data on its servers, despite marketing itself to clients as an organization that used leading data security tactics. Specifically, the complaint refers to the firm “as a data breach waiting to happen,” largely due to IT processes and components that had not been updated in 10 years. In the legal industry, it’s more critical than ever to align security and IT practices in order to maintain clients’ security and trust.

Data breach rates rise 60 percent in November, more than 400,000 records stolen (by Jessica Davis, Healthcare IT News)

According to the Protenus Breach Barometer, security breach incidents in the healthcare sector rose by 60 percent between October and November 2016. Employee errors and instances of malicious behavior were responsible for the majority of data loss – meanwhile, hacking accounted for only nine breach incidents, down from 14 incidents in October. To protect sensitive data in the new year, organizations managing healthcare records should be sure to have a plan for monitoring user access controls and anomalous behavior.

Don’t pay up to decrypt – cure found for CryptXXX ransomware, again (by Iain Thomson, The Register)

Anton Ivanov, security researcher at Kaspersky Lab, warns organizations to avoid paying ransoms to cybercriminals whenever possible. Although ransomware is a wide-ranging issue in the enterprise that will continue to evolve long before it’s solved, paying a ransom can encourage the practice by providing a monetary incentive for criminals. Still, Ivanov suggests saving corrupted files in the wake of a ransomware attack in the hope that a decryption tool comes to light in the near future. To increase protection against ransomware as a whole, organizations should focus on frequent, regular, comprehensive backups to secure storage systems.
