Hardly a day goes by that we’re not hearing about a new data breach or unauthorized access to confidential customer information. The majority of breaches are caused by basic security flaws that could be easily prevented if identified and managed.

Last year was one of the worst on record for data breaches. Notable ones were the Equifax breach which affected an estimated 145 million people and Accenture’s exposure of highly sensitive data on their servers.

Largest data leak in Facebook’s history

If you’re hoping that security breaches are easing off, I’d suggesting holding your breath. Just a few days ago, news broke that data firm Cambridge Analytica—which worked as a consultant for Donald Trump’s presidential campaign—allegedly ”harvested private information from the Facebook profiles of more than 50 million users without their permission.” 

Cyber attacks expose firms to everything from monetary theft and privacy breach to brand reputation damage. Most troubling is that a significant number of organizations don’t even know that they’ve been breached.

Is your data at risk? Find out with an Information Security Assessment.

Most hacked region is United States; Canada is second

Although the United States is reported to be the most affected region for attacks over the last year, Canada ranks a close second. In fact, in the coming year, ransomware attacks in Canada are forecast to increase in small and medium-sized businesses within legal and financial services sectors.

Most breaches caused by basic security flaws

While some cyber attacks are the result of sophisticated hackers using new and advanced techniques, the majority of breaches could be easily prevented with sound process control and governance on development and infrastructure operations. While many business and technology leaders still view security and innovation as opposing forces, controls and governance must be applied to minimize the risk of exposing private customer data.

In my mind, organizations are setting themselves up for a significant fall by failing to adequately understand and prepare for the risks facing them. It’s time to take our heads out of the sand.

Take the first step with an Information Security Assessment

If your organization wants to prepare for risks, I recommend that you undertake an Information Security Assessment as a crucial first step. We’ve developed a comprehensive tool that reviews your technical systems, physical security, and policies that could lead to a data leak, ransomware or malware breach. It also looks at internal processes, the role of an increasingly mobile workforce, and working with third-parties, such as agencies, suppliers, and vendors.

Our Information Security Assessment tool takes into account multiple frameworks and standards, including COBIT, ISO 27000 series, and the NIST Special Publication series. When completed, your team can download a results report that’s entirely customized to your organization’s needs. This document will help your team detect the security holes that could be making your company vulnerable, and will provide recommendations to take care of them before your issues become public.

Any company attempting to develop or implement a digital strategy without this knowledge will simply be setting their company up to join the growing list of companies that have compromised their reputation and future growth with heightened regulatory attention and possible litigation.

Protect your firm’s data now 

Once you’ve completed our Information Security Assessment, you’ll have a good sense of your firm’s vulnerabilities. Please contact me directly at darko.antic@purefacts.com to discuss how we can help you keep your firm’s valuable data safe.

VP, Software Development, PureSolutions