What's kind of cost is involved when you have a data breach that affects nearly 2.4 million people? For starters, you can expect to shell out $7 million like Maricopa County Community College District (MCCCD) did, and then another $7 million to fix things up. Figures like these provide an excellent impetus on why organizations should use data encryption solutions like AlertBoot.
According to azcentral.com, MCCCD waited seven months before notifying over 2 million students and employees that their information was compromised in April of this year. Seven months were required to figure out the extent of the damages, who to notify, etc. According to the investigation, it appears that hackers broke into MCCCD's servers; stole personal information; and made it available in the internet underground.College district employees, as well as current and former students of ten colleges, are being sent a breach notification letter. The breached data included SSNs, driver's license numbers, bank account information, and grades.(Based on the above, it seems like a miracle that HIPAA covered entities like hospitals can do the same within 2 months. But then again, if you've got the right setup – as you should, if you're forced by law, to finalize everything in that period – doing it within 2 months is not a stretch, no matter how many people were affected.)
The article also noted that the college district board approved a "$7 million notification process" just last week. The money will be given to an outside consultant who will be in charge of ensuring that everyone is notified. The consultant will also be setting up a call center (for people with inquiries regarding the data breach and how to proceed, undoubtedly). Furthermore, it will also provide for credit monitoring services to those who desire it.In addition, an extra $7 million is being used to upgrade the security at MCCCD. It hasn't been mentioned whether all of that is going towards firewalls and other tools for keeping hackers out, or if MCCCD decided to take a more holistic approach. That is, whether they looked at their current situation and asked themselves, "what if a laptop had been stolen?" or "do we need more shredders?"Because, let's face it, data breaches can originate from anywhere, be it a data center, a laptop, a USB flashdrive, or a file cabinet full of documents.
One of the easiest and best ways to cut down on the risk of a data breach is to protect electronic devices that store sensitive data. Considering that laptops account for at least a third of all data breaches, regardless of the survey taken, it is worthwhile to ensure that they're protected with encryption software.There is, however, a bigger threat looming in the horizon: smartphones and tablets. It's not a secret that these devices are replacing laptops as the computing device of choice. The substitution is also making inroads into the work environment, and sooner than later, I expect these smaller and more portable devices to comprise a larger piece of the data breach pie.If such devices area already in use at your workplace as part of an approved (or not officially approved) BYOD program, it's already late: you should have an MDM or similar solution in place to ensure that smart devices do not trigger a $7 million fallout.