Data Security and Knowledge Management–Does Your Platform Make the Grade?
When it comes to data security, what you don’t know CAN hurt you. According to a study by IBM, the global average cost of a data breach in 2020 was $3.86 million, with an average cost of $146 per lost or stolen record. When IBM accounted for the impact of the remote pandemic workforce, they found the global average total cost of a data breach increased by nearly $137,000, bringing the adjusted average total cost to $4 million. And, for organizations with more than 25,000 employees, the average total cost climbs to a staggering $5.52 million per data breach.
The cost of a data breach isn’t strictly monetary. A data breach occurs when secure or private information is intentionally or unintentionally released to the public, deleted, or falsified. Depending on the type of breach, competitors may gain access to sensitive information, customers may lose trust in your brand, your intellectual property may be lost, or you could face operational downtime or legal action.
As large enterprises increase their use of cloud-based storage options and outsource more operations to third-party vendors, their cybersecurity defenses and data security measures, including due diligence in vetting third-party providers and continuous vendor oversight, must evolve. The responsibility for protecting your data can’t fall solely on your IT department; it’s a responsibility that needs to be shared across all departments, employees, and vendors, including your knowledge management platform provider.
What should you look for when choosing a knowledge management platform you can trust?
The IAPP’s 2019 report revealed that 94% of firms ensure vendors have appropriate data protection safeguards by “relying on assurances in the contract.” But, how much does your contract actually tell you about the way the vendor handles the information they store on your behalf? When you look at your contract with your knowledge management platform provider, you should see measures that go beyond the basics and prove the vendor is appropriately invested in the infrastructure and security of their knowledge management applications and data center.
The majority of high-severity data security issues are due to vulnerabilities in a vendor’s network security, application security, and patching cadence. How does your vendor handle exposure of SQL database input screens to external audiences? Is their network configured with access controls that limit server-to-server and process-to-process communication to only authorized events? Your vendor should limit network user accounts and restrict administrative accounts to a bare minimum. Does your vendor have not only intrusion prevention measures do they have intrusion detection monitors on all the servers with sensitive information and are they watched 24×7? Your vendor should be able to demonstrate that applications are designed to protect the privacy and confidentiality of electronic data, and that devices have all recently available and appropriate software security patches and applicable antivirus software.
According to the 2019 IAPP-EY Annual Privacy Governance Report, more than a year after implementation of the General Data Protection Regulation (GDPR), less than half of businesses surveyed say they are “fully” (9%) or “very” (36%) compliant. But that doesn’t mean regulatory agencies are taking things lightly.
See what the hacker sees
At Northern Light, we are GDPR compliant and maintain certification under the EU-US Privacy Shield. We also prove our investment in protecting our client’s data by putting our Information Security Policy to the test using SecurityScorecard*. SecurityScorecard providess real-time, measurable assessments, threat intelligence, and sophisticated security monitoring systems to identify vulnerabilities, swiftly repair any issues, and stay ahead of cybersecurity threats. By using SecurityScorecard, we receive a score on network security, web application security, patching cadence, DNS health, IP reputation, leaked information, hacker chatter, endpoint security, cubit score, and social engineering. As SecurityScorecard says, the platform allows you to “see what a hacker sees.”
In our latest assessment, Northern Light obtained an overall score of 99%, which is the highest score across leading knowledge management platform vendors. We received a perfect score in the three areas prone to high-severity issues mentioned above: network security, application security, and patching cadence. In the figure below, one of the leading knowledge management platform vendors received an F, while another received a C in Network Security. Northern Light is the only vendor with a perfect score in application security, while three other vendors received a D in this category. For Patching Cadence, you can see a B, C, and D on the board. Would you trust your data with a vendor without a passing grade?
Which platform would you trust to safeguard your information?
Ready to learn more about Northern Light’s knowledge management solutions? Get the peace of mind that comes from working with an industry-leading provider with a proven track record for keeping client data safe. Contact Northern Light today.
* The Forrester New Wave™: Cybersecurity Risk Rating Platforms, Q1 2021 Report deems SecurityScorecard an industry leader, saying the company “leads the pack with robust process transparency and workflow capabilities.” SecurityScorecard has also been named a 2021 Gartner Peer Insights Customers’ Choice IT Vendor Risk Management (VRM) Tools.