Are Companies Overconfident About Their Data Protection?

It seems as if a new hacking or data leak scandal makes headlines on the nightly news every week. Every business should be concerned about their data and actively working to ensure it is protected at all times. However, a new report revealed that many businesses are overconfident about their data protection, which could mean trouble for innocent consumers.

The Data Security Confidence Index (DSCI) is a summary of a survey of over 1,000 IT decision makers for businesses around the globe. According to the DSCI, many businesses are confident in their ability to prevent hacks; however, they do not have the knowledge or tools that they need to do so. Here are some of the key findings from this report:

IT Decision Makers Trust Perimeter Security

According to the DSCI, most IT decision makers believe that having perimeter security measures in place is enough to keep their data protected from unauthorized users. Ninety-four percent of IT decision makers are relying on perimeter security to protect their data, but 65% of them are not completely convinced that their data will remain secure if the perimeter security measures are not effective. Even though the majority of IT decision makers have doubts about their data’s security in the absence of perimeter security measures, about 60% of them still think their data is secure overall.

The DSCI also revealed that these IT decision makers are putting their money where their mouth is by investing heavily in perimeter security measures such as firewalls and antivirus software. Sixty-eight percent of the IT decision makers who are investing heavily in perimeter security measures still believe that unauthorized users could gain access to their data.

These results have left many people wondering why these decision makers are choosing to invest in perimeter security measures if they have so many doubts about their effectiveness.

Data Encryption

Encrypting data simply means translating it into some other form so unauthorized users cannot make sense of it. Every business should already be encrypting sensitive data in order to ensure it cannot be read by unauthorized users; however, the DSCI showed that many businesses are failing to do so.

According to the DSCI, about 28% of the IT decision makers reported a perimeter security breach over the last year. Shockingly, only 8% of the data that was breached over the last year was encrypted, meaning 92% of the data could easily be accessed and read by unauthorized users.

What kind of data are businesses failing to encrypt? Nearly one third of respondents reported that they currently do not encrypt payment information such as credit card or debit card numbers. In addition, 35% of respondents admitted to not encrypting sensitive customer information such as full names, home addresses, phone numbers, and Social Security numbers. Since none of this data is encrypted, hackers could easily gain access to it and use customers’ information to commit fraud.

Even if these IT decision makers wanted to encrypt their data, they may find it challenging to do so given that over half of them do not know where sensitive data is stored within their organization. If an IT decision maker does not know where the sensitive data is stored, it’s very likely that no one else within the organization knows either.

Data breaches have been in the news day in and day out, so it’s quite surprising to see that businesses are not taking these cyber threats seriously enough to protect their data. At the very least, businesses need to make an effort to encrypt data that hackers are actively trying to get their hands on.

The General Data Protection Regulation (GDPR)

The GDPR is a regulation that will go into effect in May of next year. Although it was established in the European Union, any company that does business with customers in Europe must comply with its rules, which means the regulation will affect many U.S. businesses.

Even though this regulation will go into effect in a matter of months, many businesses that participated in the DSCI reported that they are not nearly as prepared as they should be. In fact, over half of the IT decision makers admitted that they will probably not be compliant by the time the GDPR is officially in effect.

Any business that does not comply with the GDPR faces serious financial penalties. The European Parliament and Council can penalize non-compliant businesses with a fine of up to 4% of their annual global revenue. For some businesses, this means paying millions in fines simply for failing to protect sensitive customer data. If businesses want to avoid these fines, they only have a handful of months left to start implementing specific security protocols such as two-factor authentication and data encryption.

Putting A Data Protection Plan in Place

Overall, the DSCI proved that many businesses are overconfident about their ability to protect sensitive data. Even the IT decision makers that admitted they are not 100% confident in their ability to keep data secure are still not taking the necessary steps to fix this problem. It’s clear that every business needs to make more of an effort to put a data protection plan in place.

A data protection plan should also account for what happens to the data once the device it is stored on is no longer in use. Data often falls into the wrong hands when the device is carelessly thrown away instead of passed off to a responsible e-waste recycler. But when you work with ERI, you can rest easy knowing that the data on all of your devices will be completely destroyed. For more information on recycling your electronics, or to request a quote for your company, contact us today.