By Neeraj Dotel, MD, India & SAARC, SAP Concur
The Breach Level Index reveals that roughly 57 data records are stolen every second. That is equal to nearly five million data records being stolen worldwide every single day. High profile data thefts are becoming too commonplace with worrying frequency. We saw instances of data pilfering in India, where a popular airline sued a former employer. Similarly, a leading FMCG conglomerate recently accused three former employees for allegedly stealing confidential information.
As these examples show, company data is extremely vulnerable and safeguarding data is the current buzzword that has led to companies and CIOs are losing sleep. Whether accidental or otherwise, data theft is a major cause of concern for any organisation today. As per the 2017 Cost of Data Breach Study from the Ponemon Institute, the global average cost of a data breach stands at a whopping US$ 3.6 million.
So, what should an organisation do to prevent the risk of data thefts?
Start with a good security programme; one that not just prevents data thefts, but also trains people on how to act during a suspected data breach. According to the Ponemon report, an incident response team can reduce the cost of a breach by up to US$ 19 per record. Therefore, if the global average cost stands at US$ 3,600,000, or US$ 141 per data record, a response team can help save up to US$ 485,106. A concrete response plan that helps companies take the right action quickly is essential.
The program should take the following recommendations into consideration:
- Know where the data is at all times: IT teams need to be aware of answers to some crucial questions – like what data lives in what system, who owns it, who has access to it and who is actually accessing it? This can only come from accurate data mapping. Organisations need a central database with a list of all applications, the backend technology, owners, basic description and purpose and any relevant integrations. An effective data map will use the database and also assess the security levels and threats. Thus, companies will be able to catch any mishap or theft faster and prevent misuses.
- Clear policy and compliance structures: A regularly updated compliance policy that sets out clear corporate standards for the entire organisation. Within the policy, specific employee guidelines stipulating what can or cannot be shared and the penalties associated; and finally, departmental procedures to oversee policy adherence.
- Automation and technology integration is key: No matter how many policies are put in place or how many trainings employees go through, without adequate technology support, leakages are still likely to occur. Automating as much as possible is one of the best ways to prevent data thefts. For instance, automating travel expenses and capturing all T&E related activities can help companies reconcile what was booked with what was actually expensed. If anything doesn’t match up, it will be instantly detected. This stops employees from committing fraud or entering incorrect data. Similarly, there are monitoring, auditing tools available that organisations can utilise to stop data from being externally transported.
It is essential that companies take conscious steps backed by clear privacy and protection laws to mitigate such threats. Else, as digital transformation grows, it’s going to be difficult for any organisation to compete in the global sphere, with this threat of data breaches hanging on its head.
