Last week, a relative told me about a call she received from the doctor’s office that performed her eye surgery a year ago. At first, she assumed the call was a reminder that she should get her eyes checked. But when she answered the phone, the representative informed her that the doctor’s office’s medical records had been breached.
At this point, no business is safe from thieves that want to steal customer information—not even small businesses operating locally, but especially not large companies with thousands and millions of customers.
For example, in October of last year, hackers stole names, birth dates, addresses and Social Security and drivers' license numbers from 15 million T-Mobile customers through its credit check provider, Experian.
And it’s not only customers who pay when information is stolen. The company whose data was breached is on the hook too. According to a 2014 research report from IBM and Ponemon, of the 314 participating companies across the world, the average total cost of a data breach increased 15 percent to $3.5 million. Additionally, the average cost paid for each lost or stolen record increased 9 percent to $145.
Part of this cost includes the reputation loss. Customers are frustrated that businesses are letting hackers steal their data, and they are showing it by taking their business elsewhere. So how are thieves accessing customer information?
The report from IBM and Ponemon identified three main causes of data breaches: malicious or criminal attacks (42 percent), system glitch (29 percent) and human error (30 percent).
A different report from the Association of Corporate Counsel (ACC) Foundation released in 2015, surveyed 1,000 in-house lawyers in 30 countries and discovered that employee error was the most common reason for a data breach with phishing, access through a third party, lost laptop/device and application vulnerability rounding out the top five.
As you can see, data breaches aren’t solely the result of malicious hackers, more than likely they are the result of uninformed employees. However, many employers aren’t training employees on how to keep customer information safe from theft.
According to the ACC Foundation report, “although employee error is the most common reason for a breach, fewer than half of in-house counsel reported that mandatory training exists at their companies. Even fewer say that their corporations track or test employee knowledge.”
This is a shame because one of the most important actions you can take to protect customer information is to have employees take privacy and data protection training. At the very least, the training should make employees aware of just how valuable the information is and why it’s essential to keep protecting it at top of mind.
Additionally, the training should cover best practices for keeping customer information safe. These best practices include:
Furthermore, the training course should teach employees how to detect potential security breaches and your company’s incident response plan.
Thieves are constantly trying to access information, and technology has made it easier for them. It’s essential that your business prioritizes protecting customer data. And since employee error is one of the main causes of data breaches, it makes sense to train employees on privacy and data protection. Because if you don’t, you could be putting your business at risk for a significant loss in revenue and customer retention.
We're sorry this resource is no longer available, we've redirected you to our Resource center.