In Part 1 of our series, we looked at the rising incidence of data breaches. In Part 2, we look at some steps that can be taken to combat the problem.
Data breaches are big business in this country: One study has pegged the average cost of a security breach to Canadian businesses in 2019 at $5.8 million.
So, what can your firm do to minimize the chance of a data breach, and decrease the damage? We can sum it up in four crucial steps, and it’s all about adopting a proactive rather than a reactive approach:
Statistics Canada reported that in 2017, businesses spent an average of less than 1% of total revenues to prevent, detect and recover from cybersecurity incidents. For small businesses, the average spent annually was $46,000, and for medium-sized businesses, $113,000. A 2019 study shows that if security automation is fully in place, the average cost of a breach plunges by close to 50%.
The moral? Spend now to save later.
Invest in I.T. professionals or security consultants with expertise in cybersecurity management. They should constantly be looking for weaknesses in the system and moving proactively to safeguard against potential problems.
A 2019 Data Protection Report shows that less than a third of law firms train their staff on information security a minimum of twice a year. And only 57% believe that employees are properly following their policies for storing and disposing of confidential data while off-site.
More training is needed, to emphasize the firm’s procedures. Many data leaks are due as much to human error as they are to cybercrimes. As described by Jacques Latour, CSO of the Canadian Internet Registration Authority (CIRA), “Anyone with a network-connected device can be the weak point that brings your business down.”
Before the managers and partners can train staff, they need to be in the know themselves. Stay on top of emerging threats, and learn about new technologies that can help. Korbitec’s xchangedocs is one such solution.
As a cloud-based secure document exchange service, xchangedocs is made specifically for the legal industry. It avoids the pitfalls of email, thumb drives and consumer cloud-based systems, none of which ensure the privacy and security a lawyer needs.
Educate. Train. Spend. Lock down. Taking these four proactive steps will go a long way towards protecting sensitive information, and reducing the risk of a damaging data breach.