The real cost of a data breach can be much higher than a fine. The results from Alertsec's latest Brand Perception Study are in, and they reveal that a data breach can lead to a long-term loss of trust and loss of customer business. Nearly one in three respondents said that it would take several months to begin trusting a company again following a breach. Even people not directly affected say that they would take a dim view of a company reporting a data breach. Read more about our research findings below.
Our survey results came in just as the OCR announced a change that is expected to shine a spotlight on SMB compliance. It's worth reading about the CHCS data breach in Industry News below, as it highlights a vulnerability that affects many SMBs. Laptops and smartphones enable employees to work from anywhere, but as a result these devices end up storing huge amounts of customer data and present a significant data breach risk. You are already encrypting your laptops, but there are additional security measures that you should take, and we have provided advice below.
As always, if you have any questions or concerns, contact our Helpdesk team. For anyone upgrading devices to Windows 10 “Redstone”: please follow the upgrade instructions below. The steps will address the issues reported last month and ensure your Alertsec encryption continues to work correctly.
“When a company has allowed customers’ data to fall into the hands of criminals, the resulting lack of trust is difficult to repair,” said Ebba Blitz, Alertsec CEO.
Ebba’s comments were in response to the results of Alertsec’s latest Brand Perception Study. Our study revealed that 97 percent of Americans find data breaches unsettling and, according to our survey, people are slow to forgive companies for data breaches. 29 percent of respondents said that it would take several months to start trusting a company again following a breach, with 17 percent saying that trust would be lost permanently.
Even people not directly affected say that they develop a negative perception of a company following a data breach. For 35 percent of respondents a hack means the company was careless, while 26 percent say the company would become a great target for lawsuits.
So what additional steps should you be taking to prevent a data breach?
If a laptop is stolen, call the Alertsec Helpdesk to get the password reset. Our support team is on call 24/7.
Ensure passwords are not written down. US Healthworks was fined for a breach when it was discovered that an encrypted laptop had been stolen along with the password to decrypt the device.
Enable two-factor authentication on your Alertsec web account for all administrators so you can be sure that only the right people are doing admin tasks.
Insist on encryption. Check our website for guidance on how to encrypt everything from documents and emails to your phone.
The Office for Civil Rights (OCR) has announced plans to devote more resources to investigating smaller breaches, which is expected to impact small businesses handling health information.
OCR works to understand HIPAA compliance issues and has so far largely focused on investigating reported breaches involving the protected health information of 500 or more individuals. This new initiative will re-focus resources on investigating incidents affecting fewer than 500 patients. A spokesman said, “Regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information.”
Catholic Health Care Services (CHCS) in Philadelphia has agreed to pay $650,000 to settle HIPAA violations following the theft of an unencrypted mobile device.
CHCS is a business associate to six skilled nursing facilities and provides management and information technology services. The theft of an iPhone compromised the protected health information of 412 nursing home residents. The information on the iPhone, which was unencrypted, was extensive and included social security numbers, information regarding diagnosis and treatment, medical procedures, names of family members and legal guardians and medication information.
If you plan to upgrade devices to use the new Windows 10 Anniversary O/S (aka Redstone), please follow these steps carefully:
Unencrypted machines: you must upgrade Windows BEFORE encrypting the machine. If you have unencrypted machines with Windows 10 Redstone already installed, it is safe to deploy your Alertsec encryption using our standard deployment method from your Alertsec Web account.
Encrypted machines: Uninstall/decrypt the device first and remove the CheckPoint device agent. This can be done from Add/Remove Programs – please refer to the coordinator’s guide for more information. Update the Windows O/S to Redstone and then deploy a new package from your Alertsec web account. Please do not hesitate to contact us for advice and help should you need it.