Serasa Experian’s 2020 Global Fraud and Identity Survey shows that 57 percent of companies are facing increasing losses due to fraud year after year, despite claiming to be able to accurately identify their customers.
The reality shows that three out of five companies said there was an increase in fraud over the past 12 months. In other words, the study done by Serasa Experian shows that companies’ concerns about the increase in fraud persist even with the investments in security and data protection that have been made in recent years.
Furthermore, the average cost of a data breach in 2020 is $3.86 million, according to IBM’s data breach study. Despite the slight drop from 2019 (USD 3.9 million), it is still a very high amount to pay for fraud and its impact on customers.
But what happens when the companies responsible for protecting our identities and finances are themselves compromised by fraud through a cyber attack?
In September 2017, consumer credit agency Equifax admitted its third cyber attack in two years, when hackers exploited a website vulnerability.
Key Facts About the Cyberattack suffered by Equifax
- Some 143 million US customers have potentially become vulnerable by having their personal data compromised (with 400,000 in the UK);
- Confidential information (including social security numbers, driver’s license numbers, dates of birth, medical history, and bank account information) was compromised, leaving customers vulnerable to identity theft;
- Equifax has been criticized for being ill-equipped to manage the breach. It took five weeks to make the breach public, then set up a website for information and a hotline, where customers criticized the lack of information and the long delays;
- In a notable gaffe, customers were also directed to a fake website in the company’s tweets;
- Offers of a one-year free credit monitoring and identity theft service were deemed inappropriate;
- A lawsuit has been filed accusing Equifax of negligence with customer data, with potential cost implications of $68.6 billion.
Consumers whose data has been leaked, stolen, or used in fraud don’t even know for months or even years that their personal information is at risk. But what choice do people have: don’t travel, don’t share, don’t use social media?
Ok, we can make these choices if we need to, but we still need to get health care services, use a bank or a credit union, be insured, or even get our Social Security benefits.
How can companies take the first steps to prevent fraud and data theft?
These are top tips from experts to help you keep your company’s confidential information safe from data thieves.
1. Get rid of paper
If you must keep paper files, destroy them as soon as they are no longer needed. In practice, there are nine things that companies must destroy:
- Any correspondence with a name and address;
- Luggage tag;
- Travel Itineraries;
- Extra boarding passes;
- Credit offers;
- Price list;
- Vendor payment receipts and paid invoices;
- Cancelled checks;
2. Evaluate which data you most need to protect from fraud
Audit or evaluate your data. Every company is different. Each has different regulations, different types of data, different needs for that data, and a different business culture.
Hire an outside expert to assess what data you have, how you are protecting it (not how you think you are protecting it), and where that data is going.
While you may think it is an unnecessary cost, if you report to customers and prospects that you have done an external data assessment, you may find that it puts you at an advantage over your competitors.
3. Restrict access to your confidential data
Not everyone in the company needs access to everything. Does the project manager need pricing information? Does the seller need information about operations? By restricting the data each person can access, you limit your exposure when an employee decides to steal data or when an employee’s account is compromised by an outsider.
4. Apply internal and external data privacy controls
Make sure that third parties and service providers contracted by your company follow the same strict data privacy controls that you implement in your own organization.
Audit them periodically to ensure compliance with your security standards.
5. Use strong passwords to protect computers and devices
Make it difficult for third parties to access your company’s and employees’ devices and computers if they are lost or stolen by protecting them with strong passwords and enabling remote wiping on all devices.
6. Install or enable a firewall
Even small companies with only a few employees have valuable data that needs to be protected. Make sure you have a firewall installed to prevent strangers from accessing your company’s network.
7. Secure your wireless network
Use a strong password and encryption to secure your wireless network and hide it from strangers. Don’t let neighbors or passersby get into your network or even see that it exists; otherwise, you are just creating problems.
8. Combat fraud and maintain good customer relations in accordance with LGPD
Adhering to the core principles of the General Data Protection Act (LGPD), preventing fraud, and still maintaining good customer relations can go hand in hand.
Minimizing the amount of personal data collected, anonymizing that data, and adopting privacy by design principles will not only ensure that your customers’ right to data privacy is preserved, but will also help mitigate your risks from an LGPD perspective.
9. Data minimization
Whether or not you rely on legitimate interest to acquire data, you should collect only the minimum data necessary to achieve your goal.
If you can fight fraud using only a minimal amount of information that does not directly identify individuals, so much the better. That will mean less data to protect later.
Make sure that all data is protected using tokenization or encryption.
In addition to increased security, a clear benefit is that mandatory breach reporting requirements are significantly reduced for anonymized data, as the risk of harm to the data subject is greatly reduced as long as the key is not compromised.
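An added example (not from the original article or from EVAL) of the minimization and tokenization described above: each record is reduced to the fields one fraud rule needs, and direct identifiers are replaced by keyed HMAC tokens, so matching still works but nothing can be linked back without the key. The field names, the sample records and the shared-device rule are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: in production this key lives in a KMS/HSM, never beside the data.
TOKEN_KEY = secrets.token_bytes(32)

# Hypothetical field names: only what the fraud rule below needs is kept.
FRAUD_FIELDS = ("tax_id", "device_id", "amount")
DIRECT_IDENTIFIERS = ("tax_id", "device_id")


def tokenize(value: str, key: bytes) -> str:
    """Deterministic keyed token: equal inputs match, the raw value is not stored."""
    normalized = "".join(ch for ch in value if ch.isalnum()).lower()
    return hmac.new(key, normalized.encode(), hashlib.sha256).hexdigest()


def minimize(record: dict, key: bytes) -> dict:
    """Drop every field the fraud check does not need and tokenize identifiers."""
    out = {}
    for field in FRAUD_FIELDS:
        value = record[field]
        out[field] = tokenize(value, key) if field in DIRECT_IDENTIFIERS else value
    return out


def shared_device_tokens(records: list, threshold: int = 2) -> set:
    """Return device tokens used by `threshold` or more distinct tax-ID tokens."""
    owners = {}
    for rec in records:
        owners.setdefault(rec["device_id"], set()).add(rec["tax_id"])
    return {dev for dev, ids in owners.items() if len(ids) >= threshold}


# Constructed sample applications (not real data).
SAMPLE = [
    {"name": "Ana", "tax_id": "123.456.789-09", "device_id": "dev-A", "dob": "1990-01-01", "amount": 900},
    {"name": "Bruno", "tax_id": "987.654.321-00", "device_id": "dev-A", "dob": "1985-05-05", "amount": 1200},
    {"name": "Ana", "tax_id": "12345678909", "device_id": "DEV-B", "dob": "1990-01-01", "amount": 50},
]

if __name__ == "__main__":
    stored = [minimize(r, TOKEN_KEY) for r in SAMPLE]
    print("devices shared across identities:", shared_device_tokens(stored))
```

Because the tokens are only as strong as the key, rotating or losing the key changes what the stored data reveals, which is the condition the paragraph above attaches to the reduced risk.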
11. Privacy by design
Make data privacy an integral part of your organization’s thought process at all levels.
Make it a habit for all departments to ask questions about what data you need, how you will protect it, and whether or not you need consent. Not to mention that a well thought out privacy strategy will likely create a better user experience.
And don’t forget the authentication! Tampered and stolen credentials are a real threat to the security of your users’ data. This threat vector makes stronger authentication an essential component in fighting fraud and defending your users’ right to data privacy.
How EVAL can help your company fight fraud
EVAL has solutions for application encryption, data tokenization, anonymization, cloud protection, database encryption, big data encryption, structured and unstructured file protection on file server and cloud, and key management to meet different demands in the area of data security.
These are solutions that help businesses stay compliant and protected against data leakage.
EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.
Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.
Eval, safety is value.