If you’ve been watching the number of data breaches rise in recent years, you’ve probably reinforced your data security systems. Hopefully, you also have a strict set of rules that govern data storage and how that data is accessed by employees and contractors.
If you’re a brick-and-mortar business, maybe you’ve upgraded your credit card systems with the new EMV readers, or you’ve purchased other expensive equipment upgrades. If so, you made the right choice. However, those expensive upgrades aren’t enough to protect your business from cybercrime. Neither are the security features that come with your cloud hosting account.
Storing or managing data in the cloud? You need additional security
If you store or process data in the cloud, you probably pay a significant fee with the expectation that your data will be protected by your host. Your account likely comes with several security features, but the security options offered by your host are likely not enough. In addition to basic server security, you need 24/7 security monitoring that automatically identifies and eliminates threats.
While your account might come with minimal security, your cloud host is unlikely to provide the extensive monitoring required to identify and manage cloud compliance issues. However, a third-party solution will. For instance, CloudGuard Dome9 is a widely used comprehensive software platform that detects misconfigurations and actively enforces security best practices to protect against data theft in the cloud. However, there’s more.
The other key aspect of protecting data in the cloud is having strictly enforced security policies.
Are your security policies strict enough? Are your policies enforced?
Data security is largely determined by how well security policies are followed. For example, your policy should prohibit the transmission of unencrypted login credentials through email or any file transfer service. Emails pass through multiple servers before reaching their destination and that data can be hijacked at any point along the way.
Requiring encrypted emails won’t prevent email data from being stolen, but it will prevent stolen credentials from being readable. This protocol is required to prevent a data breach.
With the average cost of a data breach reaching $3.86 million, you can’t afford to skimp on data security. Half the equation for securing your data requires heavy security protocols that are strictly enforced. In other words, you can install the most expensive, top-of-the-line security software and equipment, but you won’t be protected unless everyone follows your security policy.
Expensive security upgrades are only half of the equation
The cost of installing cutting-edge security technology isn’t cheap. However, don’t allow the cost of upgrades to give you a false sense of security. Likewise, don’t avoid expensive upgrades thinking you’ll save money.
Installing EMV readers at payment terminals is an essential part of maintaining data security for many businesses. However, the cost of installing EMV readers is high. Unfortunately, the cost of not installing these readers is even greater in the event of a security breach. This is an unfortunate reality many businesses are just now discovering.
When criminals recently installed card-skimming malware on Wawa payment terminals, the company experienced a breach of 21 million credit card records. A large portion of the damage would have been mitigated by the presence of EMV readers.
EMV readers are a requirement for gas stations as of October 2020
There’s no doubt Wawa learned from their recent data breach, but even if the company wasn’t planning on installing EMV readers, now they have no choice. As of October 2020, all gas stations will be required to install EMV readers at the pump and on terminals inside the main store.
With the high cost, most gas stations will miss the deadline and will try to convince themselves their existing security measures are enough. This has been the case for many years as some businesses just don’t have the funds to upgrade. However, as the Wawa data breach shows, in the absence of EMV readers, existing security measures aren’t enough.
It’s time to look at data security as an investment
Whether it’s hardware or software, every major security upgrade is generally seen as an expense that needs to be worked into the budget. This makes sense considering security upgrades can be quite expensive. The problem with viewing a security upgrade as an expense is that you’ll try to get the job done as cheaply as possible. This could mean skipping the essential components of an upgrade.
When you view data security as an investment, you’ll look for what you need and then find a way to work the cost into your budget. When businesses start to view data security as an investment, that’s when we’ll see a serious decline in data breaches.