No, we are actually talking about the role of compliance in the world of data security and breach prevention. According to a recent study conducted by the Ponemon Institute, 33% of data breaches in the US were caused by human error during 2012. If we can reduce this human error rate, there is a potential to save organizations millions of dollars each year in data breach expenses. And for businesses in the healthcare market, this is even more vital, given that this market experiences the highest costs associated with a data breach, at $233 per record.
So what do we do? What is the role of compliance? Isn’t data breach prevention the role of the CIO or IT team? It’s a team effort to be sure, and the compliance team should be directly focused on educating employees so they don’t make the dumb mistakes that occur every day and cause data breaches. In my experience with data breach clients, I’ve seen some things that just make you shake your head:
- A physician has his encrypted laptop stolen from his home. No problem, right? Wrong. The doctor had written his passwords, including the encryption password, on a sticky note that was taped to his computer. Over 7000 patient records were breached.
- A spear-phishing attack on a small business succeeds in getting the business owner to turn over his bank account number and routing information. Within 10 minutes the business banking account was hit and over $120,000 was transferred out. No protection exists for the business, and there is no ability to recover the funds.
- A company hires a new employee with a criminal past, including identity theft. The company fails to follow its policy to run a background check, and the employee gains access to payroll information for the entire company, resulting in a breach and major legal costs.
Every one of these examples is the result of human error. How can we prevent these errors? Don’t miss Part 2 of my blog post later this week, which will focus on how we attack this issue.