Data Privacy and Security Trends, Summer 2021

It’s Q3 2021. Do you know where your next cyber threat is coming from?

The summer is almost over, and this year’s crop of data breach and privacy reports is ripe and ready. If you’re worried about risks to your business, the news is juicy, but not sweet. Breaches and costs are rising. As we reported recently, the trouble often starts with personal information from businesses’ employees, members, and customers. It can end with lost productivity, regulatory fines, a damaged reputation, and lost business. Let’s look at the trends and how personal privacy can protect your business.

Data Breaches Are on the Rise

The Identity Theft Resource Center (ITRC) reported in July that data breaches were up 38% between the first and second quarters of 2021, and they predicted a new all-time high by year’s end. Phishing and ransomware attacks remained the top two causes of data breaches.

Ransomware attacks caused some of the highest profile breaches of the year so far, including shutdowns at Colonial Pipeline, JBS meat processing, and CNA Financial Corp. A Florida town’s water was nearly poisoned when someone using a city computer unwittingly visited a website that downloaded malicious code. And ransomware is now a double threat because most ransomware variants now steal data while encrypting it. After collecting ransom, the thieves either sell the stolen information or threaten to post it on the dark web unless they receive more ransom.

Work is Not Remotely Back to Normal

When the pandemic began, remote work was seen as an emergency measure, but a new Cloudwards report found remote work becoming long term. Many people report improved productivity and satisfaction, and many businesses are seeing the financial benefits of maintaining a smaller workspace and having a wider labor pool to hire from. (The report found annual savings of up to $1.4M per hundred employees by switching to remote work.) However, companies moving to hybrid work models need to address the data security risks of remote work, such as unsecured endpoints and unenforced VPN restrictions, as outlined in a recent Forbes article. Nearly 18 percent of 2020 breaches involved remote workers. Those companies paid $1 million more on average in total data breach costs than organizations where remote work was not a factor.

During the COVID surge, isolation and more time online has also made remote workers easier prey for phishing campaigns and social media scammers. And cybersecurity firm GeoEdge just reported a new threat: malware installed in home networks via malicious links in online advertising. Once installed, it can download apps without users’ consent and use smart devices to spy enabling theft of personal and financial information. Businesses are at risk if the stolen information includes work passwords or other sensitive information.

Privacy and Identity Are Under Attack

In the hot summer of 2021, identity theft is still growing. The FTC reported a 73% increase in identity theft from 2019 to 2021—nearly 1.4 million cases of identity theft in 2020, more than doubling from the previous year. Account take-over (ATO) fraud, in particular, has skyrocketed, adding to the $43 billion cost of identity fraud losses each year. A 2020 study found that ATO attacks on e-commerce retailers increased by 282% over the previous year, costing both businesses and consumers. Kaspersky reports 20% growth last year, with account takeovers making up 54% of fraud-related events.

This summer has also brought a new crop of privacy risks to your employees, members, and customers—and, through them, to your business. Social media scams are on the rise, along with summer travel and moving scams. The resumption of business and leisure travel is also putting travelers and their devices at renewed privacy risk, sometimes in countries with extreme levels of cybercrime. Experts recommend checking Department of State Travel Advisories for information on cyber safety in different countries.

Data Breach Costs are Rising

The 2021 Ponemon Institute Cost of a Data Breach Report (CODB) found an average data breach cost of $4.24 million, a 10% increase from the previous year. Breach costs included detection and escalation, notification, and post-breach response, such as providing identity protection for victims. But the largest costs, at 38%, were due to lost business—costs that can continue to affect the bottom line for years.

That 20% doesn’t include the breaches caused by phishing, social engineering, accidental data loss, and other human factors. As we reported recently, 85% of data breaches are now caused by people, mostly by accident, providing criminals with access to business systems.

Quick Tips for the Human Side

Protecting your company from the latest cyber risks is a complex problem, but privacy awareness programs and tools can protect your employees, members, and customers while also protecting your business. Here are a few quick tips to pass on:

• Never click links in online ads or unsolicited email. (And here’s what to do if someone accidentally downloads malware.).
• Regularly install patches and update security software on all their devices, and especially before traveling.
• Always use a VPN when connecting to the internet away from home. And turn off automatic connection with Bluetooth and Wi-Fi networks.
• Use a tracking blocker to stop data brokers from gathering personal information that could be used for targeted scams or phishing campaigns.
• Pay bills before going on a trip, then minimize online transactions while on the road.

People can be the weakest link in your information perimeter. But, armed with the right knowledge and tools, people can also adapt faster than business systems and processes. And since people are now the attack vector of choice for cyber criminals, preparing them to defend themselves and your organization is a smart business choice.