Does your organization have a false sense of data security?
If so, you’re not alone. Security incidents aren’t always preventable, but when organizations forgo proactive data protection measures, they risk facing the consequences. Recent reports from the healthcare space, midmarket organizations and higher education show that it’s more important than ever for organizations to claim responsibility for data security. Below are some of this month’s top security news stories and tips for your team to turn each instance into an action to protect sensitive data.
The FTC’s data security error: treating small businesses like the Fortune 1000 (by Gus Hurwitz, Forbes)
Seven years ago, the Federal Trade Commission began investigating a cancer testing lab with allegedly problematic data security practices. The lawsuit shuttered the company, which has since continued fighting the case with pro-bono legal support. Forbes contributor Gus Hurwitz criticizes the federal agency for penalizing the lab, and other small businesses, for suffering a data breach instead of instituting formal guidance about security and defense practices. The case also shines light on organizations’ responsibility to take control of their data security.
Ransomware: Why it’s a really big problem for small businesses (by Danny Palmer, ZDNet)
In the last year, organizations watched ransomware evolve from an inconvenience to a company-killing threat. While big businesses dealing with ransomware tend to make the news, small and medium-sized businesses are equally at risk – and they often lack the resources necessary to deflect an attack. Preventative actions, such as securing sensitive data and auditing information on a frequent basis, are key to diffusing ransomware threats.
Health organizations spending big on cybersecurity (by Tara Seals, Infosecurity Magazine)
As reported by the “2017 Thales Data Report, Healthcare Edition,” recently issued in collaboration with 451 Research, 81 percent of U.S. healthcare organizations will increase information security spending in 2017. Seventy-six percent of global healthcare teams will follow suit, and the industry’s motivation is clear: 90 percent of U.S. respondents to the survey feel vulnerable to data threats. The report encourages healthcare IT pros to think beyond network and endpoint security technologies, and instead, focus on security at the data level.
Email lists revealing students’ private information remained public for years (by Hannah Natanson and Derek G. Xiao, Harvard Crimson)
Do you know who has access to your sensitive data? The Harvard Crimson reported that more than 1.4 million emails – including information about students’ grades, financial aid data and at least one Social Security number – have been available to the public for years. Administrators were generally unaware that the email lists and records were private, with one university staffer sharing that he was “never given any indication to the contrary,” and was “never aware of any security concerns.” Although it’s not yet clear if any harm resulted from the emails being public, the instance shows how a simple miscommunication can easily result in sensitive data exposure.
Subscribe to the DataGravity newsletter for more tips, tricks and news about data security.