University spends time and money to recover from data breach
Does your company have a sophisticated data security system void of holes and weaknesses? Or does your network leak? Is your system fortified by state of the art, environmentally responsible data destruction practices? Or is your philosophy on a data breach disaster: “It won’t happen to me”? If the latter applies to your company, you’d better hope you’re lucky, because the cyber crime and disaster recovery industries are booming.
A few months ago Ferris State University suffered a nearly devastating data breach. The catastrophe that befell the medium-sized university resulted in the public exposure of over 60,000 names and Social Security numbers, including thousands of optometry school patients.
The school is conducting an extensive review to determine how it can strengthen its network security. While this is the appropriate course of action, it could’ve taken place before a security breach. Instead, it has cost the school a lot of money, and required significant effort, as it discovers the thriving industry of data disaster recovery.
Recovering from a data breach will cost you.
Ferris State University had to hire a computer forensics firm to spearhead an investigation into its data breach. The fact that there is an apparent need for such firms indicates just how common it is for a company to be thrust into damage control mode. And it’s not just common; it’s complicated. Anyone who’s seen CSI knows that when the forensics team comes in, the issue is beyond severe. They’re the experts, and if you need them, you’re in trouble.
Beyond spending the time and money to hire its team of experts, Ferris State had to overcome further hurdles in the wake of its security breach. In a scramble to plug the leak of information, the university took a drastic measure. It shut down the server! Individuals who had their information exposed had to be notified by mail.
Imagine how your business might function during a server shutdown. How would customers react to such an inconvenience? Depending on the nature of the company, business could come to an abrupt halt.
In addition to hiring external help, Ferris State had to allocate internal resources to the effort as well. It established a call center just to manage all the questions and concerns regarding the data breach. When something like this goes down, your customers won’t be satisfied with a letter in the mail. They’ll want answers. To quell the public outcry, Ferris State felt obligated to provide free credit monitoring to everyone who had their Social Security number leaked. Your time and money should be spent growing your business, not restoring the faith of troubled customers.
In addition, the bad PR and damage to the university’s reputation and brand cannot be quantified, but will certainly be felt in its future dealings with vendors and prospective students.
Still not convinced you’re in any danger? It’s not just the data disaster recovery industry seeing a rise in business. There are actually quite sophisticated, successful identity theft services growing rapidly on the Internet. For less than a candy bar, members of an identity theft site can purchase a name and its corresponding date of birth and Social Security number! Living in today’s cyber world is like swimming in shark-infested waters; don’t miss the boat.
Ferris State has done almost everything possible to attempt a full data breach recovery. But the best way to handle it is to prevent it from ever happening.
What makes my Company vulnerable to a data breach?
According to Ponemon’s 2013 Cost of a data breach report, the root cause of a data breach is separated into 3 different categories: 37% are malicious or criminal attacks, 35% are negligent employee or contractor (human factor), and 29% are system glitches. Many companies see cyber attacks as the biggest threat to their organization when the fact is only 2% less fails under employees or contractors. You need to evaluate all your risks and put the proper processes in place to mitigate those risks.
A leading cause of large scale data breaches is lost or stolen media devices. With advanced services like , TechR2 can ensure that your failed hard drives and loose media are inventoried and contained prior to certified onsite data destruction. Once the retired hard drives are destroyed onsite by TechR2, then all devices are responsibly recycled.
TechR2 is committed to information security best practices, and is now ISO 27001 certified. Contact us today to schedule a free trial!