For many organizations, collecting the personal data of their consumers is part of their business model.
Retailers often have no other option as they need to access customer payment card information each time a purchase is made, and many customers prefer to have an organization store this data for future convenience.
For the providers of “free” online services like Facebook and Google, their entire business plan is based upon monetizing the data collected from customers as they use the company’s product or service.
As data becomes more valuable, it is increasingly a target of cybercriminals. In recent years, many organizations have demonstrated that they do not have the necessary cybersecurity controls in place to protect their customers’ data from exposure.
The data breach has become a daily occurrence. Generally, the focus of data breach reporting is on the customer.
Many data breaches involve thousands or even millions of user records, and headlines focus on how the breach exposed all of this data and what the organization did wrong in protecting this user data.
However, customers aren’t the only ones being hurt by data breaches. A data breach has a wide variety of obvious and hidden costs to an organization. As a result, many companies go out of business after being the victim of a cyberattack that leaks sensitive customer data.
The Costs of the Data Breach
Data breaches are extremely expensive for the victim organization. In fact, the average cost of a data breach for an enterprise has reached $1.4 million.
Since data breach costs are typically related to the amount of breached data, the average costs of a breach for smaller organizations are typically lower but can still be significant.
Data breaches are so expensive to an organization since they incur a large number of direct and indirect costs.
Common costs of a data breach include:
- Hiring specialists to investigate and remediate the breach
- Expenses associated with the need to rapidly deploy security controls
- Lost productivity due to loss of access to critical systems
- Overhead of notifying regulators and affected parties
- Cost of providing additional breach-related customer service
- Regulatory penalties and compensation to breach victims
- Customer churn due to loss of customer trust
- Cost of repairing brand reputation after the breach
- Price of legal representation for lawsuits, settlements, and arbitration
- Loss of competitive advantage within the industry
Some of the indirect costs of a breach, like the loss of customers or decreased sales due to loss of customer trust in a brand, can be difficult to measure.
So the actual impact of a breach on an organization’s bottom line can be even larger than the official estimated and reported numbers. The costs of a data breach can accumulate quickly.
Data Breaches Kill Businesses
A data breach is an expensive mistake for a company. In general, the cost of the breach scales with the number of records that are breached, so the biggest companies are typically the ones that are hit the worst.
However, while these costs can put a significant dent in an enterprise’s profits, these organizations are often able to shake off the effects of a breach and continue to do business.
The same is not necessarily true of small and medium size businesses (SMBs). 60% of SMBs go out of business within 6 months of suffering a cyberattack or data breach.
This high percentage of closures is largely because SMBs aren’t ready for an attack and can’t recover from the resulting high costs of the breach.
About two-thirds of SMBs believe that a breach “couldn’t happen to them” and about the same percentage of cyberattacks are targeted at SMBs.
Cybercriminals often go for the low hanging fruit and easy targets, and organizations that fail to take the proper precautions to secure their sensitive and valuable data can find this to be a fatal mistake.
Protecting Sensitive Data
It is impossible to completely protect an organization against cyberattacks, and many businesses don’t have the financial resources necessary to protect themselves against nation-state attackers and other advanced persistent threats (APTs).
However, most cybercriminals are profit-driven and don’t want to spend the time and effort needed to crack a well-defended network when there are many easier targets available.
In order for a cyberattack to become a data breach, an attacker needs to have the ability to gain access to an organization’s sensitive data. Putting the necessary effort into protecting this data from exposure can dramatically decrease the impact of an attack.
Data security solutions that discover repositories of sensitive data on an organization’s network, perform vulnerability assessments against them, and monitor access to them can give an organization the warning that it needs to defend against a potential cyberattack.
Many cyberattacks begin with a phishing email or an attack on an organization’s web applications. Training users on phishing and deploying an effective web application firewall (WAF) can help to protect against these attack vectors.
By taking a few simple cybersecurity precautions, an organization can dramatically decrease its exposure to cyber threats and the probability of suffering a business-ending cyberattack.
Data Is Important to Your Business’s Operations
Computers have been able to move files between one another since the technology’s very early days.
The first File Transfer Protocol (FTP) technology emerged in 1971.
Back then, network administrators only needed to move data from one place to the next; security was not an issue. Furthermore, since the computers were probably in the same room, the data did not have very far to go.
Today, there are many ways to move data efficiently and safely over long distances.
What is Secure File Transfer?
FTP still works very well when there is absolutely no need for security, but these instances are few and far between. Some of today’s most popular file transfer options are:
- Secure File Transfer Protocol: As the name implies, SFTP is FTP plus encryption. The combination is very fast and prevents network eavesdropping. SCP (Secure Copy) is a closely related protocol.
- Managed File Transfer: MFT is a much more complex option. In addition to file security, it adds a variety of audit, management, reliability, and other features.
- Email Encryption: Instead of transferring the file as an attachment, a secure email sends a link. Then, the recipient can download the document from a secure site. Moreover, email encryption enables users to send very large files with little drama.
- Hosting: Originally, file hosting services supported document collaboration and nothing else. Lately, security features have emerged as well, making network hosting a viable secure file transfer option.
All these methods rely on access control. Typically, that involves a username and password.
Depending on the organization’s needs, the access control can be much tighter. Usually, this process involves an Identity and Access Management (IAM) system.
Some File Transfer Features
In its most basic form, secure file transfer relies on command line interfaces.
This approach is built for automation rather than interactive use, so there are very few additional features.
On the other hand, command line interfaces are very low-cost and allow organizations to maintain control over file security even if they use cloud providers.
SFTP is still the best option for most businesses, but SFTP by itself often falls short. Consider adding additional features like:
- Auditing: Sometimes, auditing functions are available as an add-on. But organizations that also have compliance issues in this area, such as those that handle Personally Identifiable Information (PII), may be better off with MFT.
- Scheduling: This need is not as common but it’s still out there. Sometimes, users need to send documents at certain times of the day, usually to avoid bandwidth conflicts. Customers with scheduling needs almost always need MFT, because its systems are very robust.
- Indirect Transfer: Only MFT allows users to send documents to an intermediary server, which then forwards them to the recipients. The user and recipient are isolated from each other, and such transfers are easier to track.
Consider the options carefully before making a decision. Then, go with an established provider who stands by its products.