Kroll names top 10 data security issues for 2011
Kroll's Fraud Solutions division has released its data security forecast for 2011, highlighting the top 10 areas where organizations, particularly those in the healthcare industry, will see the most changes in new data security regulations, breach vulnerabilities and protective measures.
"There is no question that the events of 2010 will impact how organizations approach data security in 2011," said Brian Lapidus, chief operating officer for Kroll's Fraud Solutions division. "Expected changes run the gamut from how organizations prepare for and respond to a breach to the types of breaches they will confront. Organizations can stay ahead of the curve by making sure that they are up to speed on the changing risks – from the top of the organization down."
Kroll's top 10 data security trends for 2011:
- More small-scale data breaches will make headlines. Now that healthcare entities are required to report breaches affecting 500 or more individuals, expect to see an increase in the number of smaller-scale breaches reported. As all companies increase data security measures, system audits will bring to light breaches that may have been overlooked in the past.
- "Low-tech" theft, where data is stolen through non-electronic means, will increase. Data thieves look for the path of least resistance, focusing on the areas that receive the least attention from the organization. Because most organizations are focused on improving technology and moving from paper to electronic records, we can expect to see more low-tech data theft on the horizon.
- The continuing crisis of lost devices will dominate the data theft landscape. Organizations rely on devices such as smartphones, netbooks and laptops for anytime, anywhere connectivity. But it is these types of devices that, if stolen or missing, continue to be a major source of data breaches. In fact, the U.S. Department of Health and Human Services breach list indicates that 24 percent of reported breaches were due to laptop theft – more than any other specific cause. Expect to see an increasing number of instances and warnings of mobile vulnerabilities and scams. There's already been an increase in smishing (SMS or text phishing).
- Data minimization will increasingly be seen as an essential component of data security plans. Companies that have spent years amassing as much consumer information as possible should consider whether the information is still useful. If not, it represents a liability. In 2011, we will see organizations increasingly turn to data minimization – limiting the data collected and stored, and purging old data on a regular schedule – as a means of reducing their risks.
- Increased collaboration and openness will increase organizational vulnerability to data breach. Interoperability is a requirement for healthcare entities switching to electronic health records, but by its nature, data in transit is data at risk. In other words, the exchange of data opens organizations up to new vulnerabilities – from lackluster data security measures at a partner institution to increased propagation of data.