This is Part I of a two-part series on the rise of data security breaches sweeping across companies of all sizes and crossing most industries.

From Target to Sony, the number of security breaches continued to climb throughout 2014, as did the scope of the data breaches and the costs involved. The current epidemic of security breaches is happening at companies of all sizes and industries.

As you turn the calendar to 2015, how can you be ready to stop the leak and mitigate the potential and significant damage that quickly engulfs companies?

Target's major data breach caught everyone's attention with the exposure of consumer information. However, it also uncovered a new twist as the hackers entered the system through Target's HVAC contractor. Now, companies need to not only be worried about protecting their own systems but also those of their contractors and other companies with which they do business.

The new risks caused recent changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, which now imposes data security obligations on business associates who do work for hospitals and other healthcare providers with respect to personal health information (PHI).

The recent Sony breach caused significant havoc on multiple levels to the corporation as the hackers revealed employees' salary and health information as well as information about Sony's products, including unannounced film projects already in the works. The breach creates both employee retention and recruitment problems by divulging the salaries of colleagues, and it is also causing film stars and directors to shy away from working with Sony.

Additionally, during the aftermath of the breach, Sony has been unable to operate effectively as the breach shut down the email system, studio lot security and payroll systems amid other operational functions of the organization.

Data breaches can be caused by a variety of factors, but some of the most common causes are criminal attacks by outside computer hackers, employee data thefts, and the failure to implement adequate system protections.

Regardless of the cause, each data breach can expose a company to significant monetary costs as well as potentially crippling damage to the business. According to the Ponemon Institute, data breach incidents cost U.S. companies $188 per compromised record, with an average total per-incident cost of $5.4 million.

Consequences of a data breach may include:

  • Brand damage and loss of reputation
  • Loss of competitive advantage
  • Loss of customers
  • Erosion of shareholder value
  • Fines and civil penalties
  • Litigation or legal action
  • Regulatory action or sanctions
  • Costs and effort to notify affected parties
  • Costs and effort to recover from breach

Effectively handling a data breach

Under Executive Order 13636, the National Institute of Standards and Technology (NIST) developed the Framework for Improving Critical Infrastructure Cybersecurity. The Framework relies on a variety of existing standards, guidelines and practices to provide guidance for the development of vital infrastructure improvements and an effective plan to combat and prevent data breaches.

Businesses that conform to the Framework guidelines will be in a better position to quickly undertake the daunting and often overwhelming task of managing a data security breach when one occurs.

As companies rely more deeply on technology, the question is more about when a data breach will happen than whether it will happen to a given business.

Often breaches start with a trickle before the downpour begins. In other cases, the signs of data breach vulnerability go unnoticed until the floodgates seemingly open, and the data leaks become more frequent, more extensive and more widespread while you are overwhelmed searching for the core leak to plug.

Practical mitigation

How can companies combat the rise in breaches and find cost-effective ways to prevent them? A few practical measures that help keep data secure include practices that:

  • Control access
  • Control communications
  • Limit delivery and exchange of documents
  • Restrict document sharing
  • Secure internal computer networks
  • Properly dispose of documents

But most importantly, companies must develop a sound data security breach plan with a rapid-response team.

Become proactive. Have a well-thought-out specific plan in place that covers the wide variety of company areas that may be impacted by a data security breach, including HR, customer service, sales, finance, contractors, legal and, of course, IT.

These departments must work collaboratively across company segments to develop a cohesive, effective plan, supplemented by company policies and procedures, to protect data and have a response plan and team in place for when the worst happens.

Continue to review and update policies as technology and the company's methodologies change to remain alert and on top of scenarios that could lead to data breach issues.