As we round out the current year, the data security world is buzzing with year-end reports and data security predictions for 2017.

From cybercrime to payments fraud — identity crimes took a dramatic turn in 2016. This year-end data paints a telling story of the state of data security. Some changes were for the best, others for the worst. However, there are a few qualitative findings that offer even more insight into the future.

The Good

Data Breach Defenses Will Improve

Data breaches increased 20 percent in 2016; however, the number of impacted victims dropped dramatically. There were five times fewer sensitive records exposed in 2016 than in 2015. This decrease stems from companies implementing more proactive cybersecurity initiatives. These initiatives will help ensure customer data is better protected. New technologies, rising post-breach costs (up 7 percent to $7 million) and increased regulations were integral in spearheading adoption.

While data breach risks will remain top-of-mind in 2017, they’ll likely capture a new focal point — the employee. Sixty-six percent of privacy professionals report that employees are the weakest link in data security. This new focus on human error will be especially true for healthcare organizations, who accounted for 43 percent of all data breaches in 2016. Cybercriminals will continue to target these organizations to facilitate medical identity theft — the fastest growing form of identity theft in the U.S.

Security training, penetration testing, routine system monitoring and Bring Your Own Device (BYOD) policies should be a priority in 2017 to further curb data breach risks.

Compliance Becomes Business Strategy

Traditionally, banks and credit unions took a reactive approach to data security — implementing necessary changes only upon mandated regulation. However, in 2016 data security solidified its rightful place as a business objective for financial institutions of all sizes. This move stems from shifting consumer perceptions and the financial consequences of unintended data exposure.

The shift was so successful that the 2016 Financial Industry Cybersecurity Report ranked financial institutions as a top performer in terms of cybersecurity. Although, the report does point out a few areas of improvement, including the need for stronger network security and increased scrutiny of vendor’s security protocols.

I believe financial institutions will remain leaders in this crusade throughout 2017. The benefits of this proactive approach are too large to ignore, as it serves as a vital risk-management practice, customer engagement opportunity and promotes self-regulation over imposed restrictions.

The Bad

Social Media Is Unsecure

The rise of the connected consumer brings a few social insecurities.

In the first six months of 2016, more than 624 million social media account credentials appeared for sale on the dark web. LinkedIn, Twitter, Tumblr and Myspace were among the platforms involved. Exposed account data was harvested from 2012 and 2013 hacks of the social giants. It’s unclear why the data was suddenly posted, but it served as a stark reminder that once information’s online, it’s out there forever.

Consumers are still relatively unaware of the risks social media presents. Just ask the 13 million Facebook users who have never touched their privacy settings. Consumers can take control of their online identities by adjusting their privacy settings, using strong passwords, watching what they share and steering clear of online scams. Businesses should also exercise precaution by prohibiting social media access in the workplace and implementing two-factor authentication for business accounts.

My 2017 data security prediction? It’s unlikely widespread change will happen without the right catalyst. Unfortunately, this catalyst could come in the form of a major hack or increased social media scams.

Ransomware Is Off The Charts

Ransomware is on track to be a $1 billion business in 2016; and while the risks are well-known to financial institutions, just one-third of consumers have even heard of this vile computer virus.

Ransomware is a form of malware, a malicious software, that takes full control of your device until you pay a specified ransom. IBM reports a 6,000 percent spike in ransomware in just the first three quarters of 2016. Attacks are becoming more targeted as cybercriminals go after high-value targets, like financial institutions. Smaller institutions with fewer data security measures are disproportionately impacted by these crimes. In 2016, credit unions and banks with less than $35 million in annual revenue accounted for 81 percent of hacking and malware attacks against financial institutions. Moreover, IBM found that most victims ultimately pay their extortioner in a futile attempt to regain control of their device.

Instead of losing money to a low-life cybercriminal, invest in cybersecurity protection. Your financial institution should implement anti-phishing and cybersecurity training for employees as well as implement and routinely monitor cybersecurity standards.

Remind your accountholders to conduct online or mobile banking on secure Wi-Fi and protect their devices with anti-virus software. Software should be updated frequently to protect against newly-created strains of malware. Missing software updates can leave their devices vulnerable to attack.

The Takeaways

Can you spot the common denominator of these data security predictions?

People are at the heart of the problem.

We’re more aware of data security than ever before. In all, 93 percent of Americans say being in control of who can access their personal information is important to them. While this knowledge is all well and good, when it comes to exercising effective data security — convenience continually comes out on top.

From reusing passwords and falling for phishing scams to ignoring software updates, both consumers and employees are guilty of some pretty major data security offenses. It’s why social engineering, the psychological manipulation tactics that are applied to fraud schemes to improve their effectiveness, are growing so rapidly. Hackers are no longer preying on the machine, but on the people running it.

As we enter 2017, the biggest cornerstone of data security will likely be empowering the individual. Encourage your employees and accountholders to choose the more rewarding path of security over convenience during their day-to-day activities. Educate them on emerging risks, your organization’s data security practices and tactics on how they can best protect themselves. This is what will spark real, lasting change when it comes to data security in the coming year.

What is your 2017 data security prediction? Share it in the comments section below.