A whopping 15.1 billion records were exposed in 2019, bringing companies lawsuits, revenue losses, and damaged reputations. Cyberattacks are not the main culprit though, as many incidents happen inside organizations. Whether it is a simple human error or intentional wrongdoing, an incident can cost millions.
Data loss prevention is a complex process, but it will mitigate the risk of finding yourself in the middle of a crisis without a clear survival plan.
What is data loss prevention (DLP)?
Data loss prevention is a set of tools and methods to ensure that your veterinary hospital’s data is not lost, misused, altered, or accessed by third parties. It encompasses both risk management software (firewalls, antiviruses, intrusion detection systems) and employee training.
Data loss prevention monitors data:
at rest in your data storage;
on computers, smartphones, and other devices.
Why is data loss prevention important?
Reputation. A single data breach could destroy your reputation and, with it, your business. The consequences of lost data could haunt you for years, especially since articles about breaches are available online forever. If a customer leaves your hospital because of poor data security, it might be very hard to convince them to come back. While reputation is difficult to monetize, it’s the most valuable asset your veterinary practice has.
Liability. Your customers put their trust in you. If you’re collecting their credit card details, names, and addresses, people expect you to keep that information safe. It’s not the fines that should force you to take security seriously, but the obligation you owe to your customers.
Financial loss. An average data breach costs a company up to $3.86 million. However, in some countries, the expenses could be much greater. For example, the US tops the list, with $8.64 million. The severity of the financial implications depends on the size, the scale of the breach, and how quickly it was detected. In the worst-case scenario, considerable expenses could lead to bankruptcy. The AVMA indicates that their average claim rate for a cyber breach is $133,000.00.
Lawsuits. While it’s important to comply with data regulation laws, it’s not only authorities you have to worry about, as customers can also sue you for losing their data. Lawsuits cost time and money — for smaller veterinary hospitals this might be an unbearable burden.
How does data get lost?
There are thousands of ways you can lose data, from computer viruses to insider threats. As a veterinary hospital, you’re more vulnerable than you think. Let’s explore how your data can get lost.
Unethical employees, business associates, contractors, or former colleagues can be even more dangerous than hackers. They’re already inside your practice’s network, so they know your secrets and where to find them.
In 2020, Shopify, an e-commerce platform, revealed that two members of their customer support team obtained the personal information of 200 merchants. The stolen data included names, emails, addresses, and order details. Shopify was lucky to catch the perpetrators before they used customers’ information, but you can imagine the scale of this breach had they not been stopped.
Estimates suggest that 48% of all insider incidents are intended to cause harm, while 43% are accidental.
Even tech-savvy employees make mistakes, and no company is immune to human error. People can accidentally delete files, connect an infected flash drive to a computer, share credentials with hackers, or fall victim to social engineering. Even a spilled cup of coffee can destroy hardware with important files.
In 2015, a clinic in London was fined £180,000 after leaking the details of almost 800 patients who had visited HIV clinics. The leak was caused by a simple mistake: instead of adding email addresses to the “BCC” field, an employee added them to the “TO” field. As a result, everyone on the list could see the full names and emails of other recipients.
Fires, floods, hurricanes, earthquakes, or even a fallen tree can destroy your servers and cause data loss. Natural disasters strike when you least expect them, and there’s nothing you can do about that. With the changing climate, the number of affected veterinary practices will also grow.
Natural disasters hit smaller hospitals the most. Up to 60% of those never reopen after a major catastrophe.
Ransomware attacks increased by 41% in 2019, and 205,000 practice owners were locked out of their files. Unless you pay the ransom, your data could be lost forever. And even if you do, you can never be sure that hackers will decrypt the information.
Perpetrators are getting better at impersonating institutions, your coworkers, or even well-known brands. These days, veterinary hospitals receive phishing emails every day. And when you open a phishing email, it can lead to anything from installing malware on your computer to completely losing control of your data.
Broken hardware, a misconfigured practice management system, or outdated software might cause you all kinds of problems. Technical issues affect smaller veterinary practices more severely than the corporate groups, as the former rarely have dedicated IT administrators who can solve problems as soon as they occur.
Data loss prevention: best practices
Educate your employees
Every member of the practice has to know the security risks and how to handle them. Regular employee training is strongly recommended to remind them about common social engineering tactics, the importance of strong passwords, and software updates.
It takes only one person to compromise the data of the entire hospital. But you can avoid that with proper training.
Your data is never safe unless it’s encrypted. Once it is encrypted, even if your sensitive files end up in the wrong hands, nobody will be able to view them without the decryption key.
Lucca can help you encrypt your local data stores. With the Lucca data vault your backups are encrypted locally as well as in the cloud so that you’re always protected.
Monitor your company’s network
Employees should have access only to those resources they need to perform their tasks. And it’s important to keep logs in case there’s an incident. The network should be monitored at all times to detect and eliminate threats as soon as they emerge. This includes alerts about any suspicious activity, overloaded servers, or network connections.
Identify sensitive data
Some data is more valuable than other data. Get rid of any data you don’t need — it’s no use storing records that are no longer relevant.
Regularly conduct penetration tests
Rather than waiting for cyberattacks to happen, you can test your network and imitate an actual attack. This way, you can find out whether your hospital’s DLP processes are good enough and identify the weak points. Prevention is about being one step ahead, and penetration testing is crucial for data loss prevention.
Don’t trust your vendors
When you purchase data loss prevention software, ask as many questions as possible. You need to find out how the vendor is handling your data, who’s responsible, and what measures they are taking to enhance your security.
Data loss prevention is a shared responsibility between the veterinary hospital, its employees, the software vendors, and partners. If one party fails to do its job, it can compromise the whole organization. With the right tools and attitude, you can prevent your business from going down the rabbit hole in case something bad happens.
Sources: NordLocker