Protecting your business in the digital age

IBM estimates that the average cost of a data breach in Canada is $6 million and, beyond the tangible monetary losses, organizations find themselves at risk of permanently damaging their reputations – destroying years of hard work. Moreover, a recent survey conducted by Ovum found that 76 per cent of executives believe that the number of data breach attempts will increase within the next year. However, fewer than half have any plans to increase their cybersecurity spending.
 
As Chief Technology Officer at Moneris and an experienced data security professional, I know that data protection can be confusing. If companies are knowledgeable about the threats, however, it allows them to defend their assets and protect their reputation.
 
Business owners should understand the two main categories of data breaches: internal and external. Hackers are generally responsible for external or malicious attacks, which take place through a variety of channels; including phishing emails infected with malware, hacking of system passwords, or through ransomware – essentially holding the company’s data hostage.
 
Business owners also need to know that data breaches can happen from the inside. When businesses use outdated technology, are uneducated on security best practices and employees lack training, there is greater risk for sensitive information to be mishandled and result in an internal breach. These risks combined with the sophisticated hacking techniques of fraudsters, business owners often find themselves behind the curve of data security.
 
Fortunately, there are effective data security processes and software available to help mitigate risks – and while these solutions may have upfront costs, they will help safeguard your business. The next few tips will act as a quick “how to” for Canadian businesses.

Budgeting for audits
First, business owners must be willing to earmark an annual budget to conduct internal audits. It’s essential to identify any security shortfalls and decide which pieces of data are in need of deeper levels of security. Not all data is equally important. For example, stored credit card information is a much higher security priority than employee calendars. Allowing a trusted partner to assess actual risk and create a strategy specific to your business will help ensure protection.
 
For many small businesses, third-party audits may be impossible due to limited resources, but there are still general best practices to follow. Ultimately, it’s important for business owners to prioritize their data and to understand any potential inadequacies with how their current data is stored. Upon identifying any shortcomings, there are a few basic options, which include data encryption, improved processes and procedures and tokenization.
 

Data encryption
The most common data security solution is data encryption, which converts data into an unreadable cipher or code. This makes information unrecognizable to those without the correct encryption key and renders the data useless if stolen.  
 
To minimize the risk of an internal data breach, I recommend establishing proper data handling processes and training employees that have access. For example, it may be simply asking employees that frequently travel with sensitive data to lock their computer in the trunk of their car. Or, if you are backing up information for your business to take off-site, go directly to the data storage location – do not make unnecessary stops. In addition, vet your third-party contractors that are working for your business. Ensure they follow the same rules and guidelines set for your permanent employees.
 
Reduce your data
This leads to the next solution, lessen the amount of stored data. Is it necessary for a business, regardless of size, to retain customer credit card data? In most cases, the answer is no. This service can be outsourced to companies that specialize in storing data on secure payment servers using technology like tokenization for security. Tokenization is the act of taking sensitive data and substituting it with a non-sensitive equivalent, greatly reducing the risk of a company’s data being compromised or mishandled. Though it may lead to higher overhead costs, it is negligible in comparison to the potential risk and consequences of a breach.
 
The data security landscape is constantly evolving and with the recent implementation of Canada’s Digital Privacy Act, companies are in need of protecting themselves now more than ever. Through education on current security trends, data handling best practices and leveraging technology resources available, businesses can help to safeguard their most valuable asset, their data.
 
Amer Matar, Moneris‘ Chief Technology Officer, has over two decades in the data management field and is responsible for all technological aspects at Moneris – including software development, technology infrastructure engineering, information security and integration engineering. He holds an undergraduate degree in Computer Science from University of Montreal and an MBA from Rotman School of Business at the University of Toronto.