What could a data breach do to your business?

Tillman Hodgson

It’s a nightmare for every business owner, large and small. A cyber breach with data being stolen means that your clients’ information is out the door, and being used in ways you cannot control. Not having the right preventative policies and processes in place is only part of the story. What follows after a breach can be a big messy impact to manage.

In over 50 percent of data breaches in 2023, personally identifiable information (PII) was stolen. What was also lost was the organizations’ reputations for keeping safe the data of their employees, and those they serve. In fact, online threats have risen 81% in the past three years. If you’re not making cybersecurity a priority for your company, you are taking a considerable risk with the information you have the responsibility of maintaining and protecting.

According to an IBM report, the average data breach in 2023 cost companies 4.45 million US dollars. This report takes into account not only ensuing lawsuits and fines, but also the effects of damage to a company’s reputation. These deleterious effects can be more devastating than the initial cost, and result in greater financial loss over time. Well-known organizations have been affected: 23andMe had the personal data of 7 million users stolen by hackers. MailChimp’s breach also affected one of its big clients, WooCommerce, which relies on MailChimp to send emails to its clients, exposing up to 5 million of its customers to a possible release of their data. It’s important to realize that the chain of events that can ensue after a breach can be far-reaching and unpredictable.

If your customers’ personal data is held for ransom, there’s no guarantee that you will be able to recover and secure it even if you pay. If you fail to identify the root cause of the attack, your system will continue to be vulnerable.

While putting the right controls in place can take time, effort, and money, the result is major savings if breaches are prevented in the process. With that in mind, let’s look at what investment you need to make so you can recover if a breach occurs.

Preparing for a breach:

  1. Detection and Escalation: The initial cost of preparing for a potential breach is the time and manpower required for the creation of policies and procedures to prepare staff and shareholders for the possibility of a breach.
    Following that, users of systems with sensitive data need to be thoroughly informed and regularly updated on information security policies. They require training on how to detect a possible threat and who to contact for follow-up. Regular system updates and security bulletins will keep employees informed and alert to the consequences of changes to systems, and potential vulnerabilities that can occur as a result.
  2. Investigation and Containment: Time is of the essence when a breach occurs. Staff and external suppliers need to be well-informed on prevention and detection of potential breaches. They must be effectively trained and regularly updated on steps to expedite containment should a breach occur.
    With a breach, costs can flow outside of the organization if it becomes necessary to investigate interactions with external providers for breaches at the supplier end. Other costs can include switching to another provider with a more secure environment. Containment can be expensive when affected clients have to be informed, and measures need to be taken to compensate for damages if their sensitive data is compromised.
  3. Communication with Affected Parties: Best practice is to assign the role of Communications Officer, with a clear understanding as to how, when, and with which parties they need to communicate in the event of a breach. Poor and untimely communication can be a significant cause of damage to an organization’s reputation.
  4. Analysis of Root Cause: Here, the costs can include disruption of continuity to an organization’s functions if shutdown of services is required while time is taken to analyze the root cause of a breach. Additional workarounds, such as using alternative ways of taking payment or getting products and services to customers can increase the cost of dealing with a breach.
    However long it takes, this analysis should not be rushed, just to get back online with your clients. Too often, organizations will skip this step, only to find themselves dealing with a similar threat again, which found its way through the same vulnerability.
  5. Prevention of Future Vulnerabilities: Every resource necessary should be applied to ensure that detected vulnerabilities are resolved, and regularly monitored for future issues. The more of an eagle eye kept on vulnerabilities that have been uncovered through breaches, the lower your costs for security theft prevention in the years to come. However, the costs applied to prevention of a breach should be in direct correlation to the complexity of the data you protect. Don’t spend $100 to protect $1 worth of data. In other words, don’t let fear rule your pocketbook. Focus your sights on prevention, and you’ll save a lot of money by not having to chase cures.
