With the amount of data that companies now collect, security has become a bigger concern for consumers, especially when considering their vulnerability to identity theft. For the most part, companies have seemed to listen to these concerns. According to a 2015 PricewaterhouseCoopers survey, businesses – particularly small organizations – are spending more than 25 percent of their IT budgets on security.
However, with major data breaches striking some big name corporations, it’s clear that companies of all sizes are struggling with security. The PWC survey reported that 55 percent of large businesses were attacked by an outsider, while 73 percent were infected with a virus or malicious software in the past year (a 59 percent increase from the year before).
According to the Wall Street Journal, corporate data security doesn’t necessarily need to be “spy-grade technology.” In fact, the steps needed to fight against these types of attacks can be as simple and routine as updating software, enforcing security standards and conducting system audits. If it’s that easy, though, why have there been so many missteps?
Where corporations are going wrong
A feature on CIO.com pointed out that many corporations still assess their security risks based on the past, not considering how much the circumstances have changed. Using the example of the 2014 Sony Pictures hack, CIO.com explained how so much of hacking has changed, especially in tactics and motives.
James Lewis, a security expert at the Center for Strategic and International Studies in Washington, D.C., told the site that hackers after these big targets “will just keep trying and won’t give up.”
“The Sony hackers were vindictive,” he said. “This was not done for money – it was politically motivated, and there was no effort to sell the data they stole.”
With more hackers working to expose a big corporation’s vulnerabilities to tarnish its reputation and hurt its business, instead of to just make a financial gain, the chances of a breach are even higher than before. This means companies that don’t necessarily have “sellable” data still have information of value to hackers.
While these kinds of attacks are mostly targeting corporate data (especially in the case of Sony Pictures), it certainly changes how consumers think of the companies handling their data. In cases like the 2013 Target hack that stole millions of credit card numbers, the attack served to expose a large corporation’s vulnerabilities as well as misuse its customer data.
How companies can better prepare
Along with understanding the changing landscape of risk, Forrester Research security and risk analyst Heidi Shey told ZDNet that one of the foremost strategies in data protection is for companies to treat consumer data as if it were corporate.
“In today’s age of the customer, data protection really needs to be thought of as a corporate social responsibility,” she said. “One, because it’s true. And two, because it’s something that the rest of the company can really rally behind and feel good doing it – because it’s the right thing to do.”
Shey went onto explain that customers are much more aware of security risks and make calculated decisions based their awareness. For that reason, it serves both the corporation and the consumer to protect data as well as possible.
Another strategy companies can employ is partnering with a company that provides data breach services. Breach service companies can provide a business with identity theft protection for their customers, instilling brand confidence that may falter during a cyberattack and helping to protect consumers who may be dealing with the effects of the data exposure for years to come.
Breach services aren’t the only measure companies are embracing—reports show that 35 percent of employers already offer identity theft protection as a voluntary benefit for their employees, and this is expected to double in 2018.
Data protection is not just a corporate responsibility,there are many ways for consumers to take security into their own hands. Think carefully about the credibility of companies and institutions you share your information with, protect your accounts with strong passwords, avoid oversharing on social media, and always ask how your information is used, shared and stored when you give it to a company. These efforts are especially important as data breaches can result in identity theft.