The Connection Magazine A.I.M. Mutual Fall 2016 | Page 28

DATA SECURIT Y Michael Stango Michael Stango is the Information Technology Supervisor for A.I.M. Mutual Insurance Companies. He has a background in database programming, information systems analysis, and project management, and leads A.I.M. Mutual’s Cyber Awareness Training program. He is also the current chair of the company’s Massachusetts Data Security Committee. DATA SECURITY: Protecting the Home Front Figure 1 Root Cause of Data Breaches Figure 2 2016 Phishing Campaign FALL FALL 2016 2016 AS information about cyber security becomes more and more available, the business community of the twenty-first century may be misplacing resources in the fight against cyber crime. It seems industry experts, research firms, and the media alike emphasize protection against “malicious attacks,” but network security infrastructure and software can be extremely expensive. Perhaps there is a more cost effective way for businesses, especially small ones, to shield themselves from a data security breach. It’s abundantly clear why the experts give extra attention to malicious attacks that may involve hackers, viruses, or internal cyber criminals. According to Ponemon Institute’s 2016 Cost of Data Breach Study, 50 percent of reported breaches by US organizations in the study were the result of malicious or criminal attacks. The cost of these types of attacks was approximately $236 per record breached. However, system glitches accounted for another 27 percent and human error accounted for another 23 percent, costing the surveyed companies $213 and $197, respectively, per record breached. 1 Though malicious attacks were the most costly for the surveyed companies, they are also expensive to defend against. Network security infrastructure can cost companies thousands, and once purchased, an expert must undertake the grueling task of configuring the gear. Network security software can also be costly, but may provide an easier solution for smaller businesses, as most of this software is easy to install and configure. Overall, the best protection against malicious attacks is a combination of security infrastructure and software. Of course, that is, if your business can afford it. Mitigating the risk of malicious attacks can be expensive, but protecting your company from system glitches and negligent employees may be more cost effective if budgets are tight. In fact, most operating systems will proactively attempt to fix system glitches; they simply require your blessing as an end user. Take Adobe Reader, for example. The average user has likely been asked by this software to allow “required updates.” Admittedly, between Adobe, Java, and Microsoft, the update requests can be fairly annoying. Still, these updates tend to contain key security patches that will keep your network and data safe from loopholes that have been exploited by hackers and cyber criminals. It is strongly recommended that all software is kept up-to-date to help reduce the risk of system glitches. As for negligent employees, a 28