What is a data breach? A data breach occurs when customer information held by a company, business or institution is accessed, used, collected, retained or disclosed in a manner which is not in accordance with the applicable privacy laws and regulations and/or the company's own policies regarding customer information and privacy.
Regardless of whether the information in question has been obtained by accessing an unprotected computer network or by digging through documents which have not been properly disposed of - the threat is the same. If customer information is accessed or disclosed without the consent of customers, your company has experienced a data breach. In 40 states, data security laws require that companies contact and notify every current and potential customers, as well as employees and vendors of the data breach. So what exactly puts your company at risk by violating good data security practices?
Some common violations of poor data security practices include having file cabinets accessible areas and unlocked when not in use. After hours fax orders (which will contain sensitive customer information) left unattended in open areas. A lost or stolen computer or thumb drive which contains unencrypted files is another example. Even throwing sensitive documents in the recycle bin (security trumps green). There are in fact many different areas of vulnerability in any company, including yours where data thieves have an opportunity to gain access to your corporate records. As a business owner, you are legally required to maintain data security - and notify customers should a data breach happen.
Your company stands to lose a lot in the event of a data breach - you can count on losing as many as half of your customers overnight and this kind of bad press isn't going to just disappear anytime soon. Implementing good data security measures at your company can keep your company protected from acquiring a bad reputation for security and losing a significant portion of your business. Some industry estimates has the average 2008 average cost of a breach at $6.7 million per incident. Remember that it is often the smallest things which can cause big losses. Every part of the data security puzzle is important.
Data thieves have access to all of the same kinds of technology as you do and will use them, along with a multitude of more low-tech methods in their efforts to access your sensitive data. The smartest thieves will use multiple techniques to attack your company - going after the employees, the network, the computers and the building itself. All of these areas are vulnerabilities which need to be addressed and each presents its own different set of challenges.