What companies are doing to stop data breaches—not just react to them

Data breaches have affected our lives on multiple levels, from breaches of social apps like Ashley Madison, to breaches of retail stores like Target, to breaches of the companies we’ve historically trusted to keep our most personal information safe, like Equifax. Each of these hacks, upon being revealed, had a ripple effect on our economy and personal lives, hitting the stock market and forcing us to pay closer attention to how our personal information is being used, stored, and collected.

Data breaches are possible because of our modern reliance on mass quantities of data and internet-based storage and interaction, which is why the biggest data breaches of our time have all happened within the past decade or so. As we become more connected and more reliant on data in our daily lives, the companies and organizations we trust (as well as us, personally) become more vulnerable to them.

Historically, companies have responded well to these breaches appropriately. They’ve gone on record, apologizing for the incident and providing customers with instructions on how to recover from their information being stolen. They’ve even taken efforts to clean up their security standards in the future. But while responding to a breach is a necessary step, more companies are focusing on preventative measures—so they don’t have to worry about a breach in the first place.

Why prevention is more important

Prevention is more important than response because if a data breach never happens, a company is spared from the public outcry, the monetary damages they’d otherwise suffer, and of course, any damages that individuals would suffer as a result of the breach. Most companies that suffer a large-scale breach end up paying hundreds of millions, or even billions of dollars to repair all the damage, which means proactive investments would actually be cheaper in the long run.

Up until now, companies haven’t focused on prevention quite the way they should have; they’ve seen it as an insurance expense, rather than an investment or a necessity. They’ve also been investing in the wrong areas, or inappropriately valuing some areas over others.

How companies are including more preventative efforts

So how are modern companies working to include more preventative efforts?

• Better tech. There’s something to be said about the level of technology most companies use—and are willing to accept. Firewalls and antivirus software exist to protect companies from forced attempts to infiltrate their systems, yet some companies are satisfied with just the minimum level of protection. No tech-based security method is completely immune to break-in attempts, but more sophisticated technology takes more time and effort to hack, and is less of a target for motivated cybercriminals.
• Better staffing. More companies are valuing high-level positions in IT and security, shelling out big bucks for top talent that can work proactively to prevent breaches from occurring. Of course, top talent is limited and somewhat hard to find, especially in niche industries like the medical field; accordingly, many businesses are finding it difficult to fulfill this need. Still, these positions are growing in demand and are earning more respect and value in the workplace.
• Employee awareness. Not all hacks and breaches are the result of forced entries. Instead, most hacks are attributable to simple and preventable human errors; someone might choose a weak password and never change it, or fall for a phishing scam that puts your entire company’s network at risk. Raising employee awareness of how breaches unfold, and knowledge of best practices is, therefore, one of the best ways to prevent breaches in the future.
• Response plans. Though prevention is more important than response, it still pays to have a breach response plan ready to go in the event that your company is the victim of an attack. More companies are investing in detailed response plans, giving them direction on how to stop the bleeding upon discovery, how to alert the press and begin PR recovery, and how to inform customers about next steps and individual protective measures.

Preventative efforts aren’t foolproof, as there’s no such thing as a “unhackable” system. There will always be both technical and human points of vulnerability, no matter how much you invest or how sophisticated your systems are.

However, with more companies willing to invest in proactively protecting themselves from the threat of a breach, we’ll likely see breaches become less and less common as the years go on. If the major breaches that have populated headlines for the past 10 years have done any good, it’s drawing attention to the problem; major companies are now taking cyber threats seriously, and are more willing to spend money, making sure the problem doesn’t grow any worse.