Data Breaches – What You Can Do

By Robert Townsend on October 23, 2018

Background – A security incident in which information is accessed without authorization is also known as a data breach. Data breaches are costly and can hurt consumers and businesses in many different ways. “Globally, the average total cost to a company of a data breach is $3.86 million”, according to a study by the Ponemon Institute. The most common types of personally identifiable information (PII) stolen during data breaches in 2016, according to Symantec, were full names, Social Security numbers, and credit card numbers. The biggest targets of these online criminals are businesses and corporations, due to the large amount of data that can be stolen. Even though people seem to have reached the point of brushing off news of yet another data breach, protecting PII has become more important as stricter regulations are implemented. This year alone, Macy’s, Reddit, Facebook, and Bloomingdales have joined the list of breach victims. Stolen data is a subject that needs the public’s full attention.

How data breaches happen – Data breaches occur when a cyber-criminal successfully infiltrates a source and extracts PII from it. There are many ways this can happen, but the following are the most common.

  1. Out of date – Software that is out of date can allow a hacker to insert malware and siphon data. Attackers can then take advantage of vulnerabilities within the target’s system and possibly escalate their privileges to gain access to PII or other information that can be stolen.
  2. Weak Password – Weak passwords are a leading reason hackers are able to brute-force their way into certain systems. Using long and complex passwords for every system within a company or business is the best practice. Security policies that require changing your password often are also recommended.
  3. Social Engineering – This is also a leading cause of data breaches. If employees are not trained properly, they can be tricked by phishing emails. This has been the cause of many data breaches; normally the phishing email makes the worker believe that it comes from a system administrator who requires their user credentials. Another way social engineering is used is when an attacker targets a third-party business partner, that may have
  4. Stolen – Stolen systems (laptops, phones, tablets, etc.) are another avenue to data breaches. Keeping your devices secure is important. Encryption is a great way to prevent information leaks from stolen devices. Lock your devices up when not in use. Do not leave your devices lying around where they can be stolen. Keeping your devices up to date and protected with strong passwords is also highly recommended.
  5. Accidental – These types of data breaches involve organizations that may have misconfigured cloud services or failed to use the proper access controls, such as password requirements on public-facing web applications, etc.

How to prevent – No single security method or control can prevent data breaches. Defense-in-depth combined with some common-sense security practices is the best way to prevent a data breach. The following are some steps you can take to respond to data breaches after they occur or to prevent them altogether:

  1. Monitor your financial accounts – Check your online financial accounts daily to make sure no transactions are made without your consent. If your financial institution offers activity alerts via email or text, sign up for them.
  2. Check your credit report – If your information has been stolen, it would be wise to monitor your credit report to make sure the attacker has not used your Social Security number to open new accounts. By law, you are able to get a free credit report once a year. You can visit annualcreditreport.com to take advantage of this.
  3. Secure URLs – The addresses of reputable sites begin with https://. This is especially important when entering your credit card information on a website. Secure Sockets Layer (SSL) certificates are required for https websites. SSL certificates secure all of your data as it goes from your browser to the website’s server.
  4. Security software – Installing and using a virus protection program can help keep your files secure and up to date.
  5. Avoid sharing on social media – Posting information about yourself on social media is a gateway that attackers use to gain valuable PII. While on vacation, avoid posting pictures, since some people may take advantage of the knowledge that you are away. Make sure your profile is private, so you cannot be targeted for information.

Conclusion – Tightening your security measures using defense-in-depth is your best practice against data breaches. Never rely solely on others to keep your information secure. Taking preventative measures to keep an eye on your information should be a top priority and should be done vigilantly. Data breaches are most likely here to stay; educating yourself and monitoring your online life are the best ways to stay safe.

References

https://us.norton.com/internetsecurity-privacy-data-breaches-what-you-need-to-know.html

https://community.norton.com/en/blogs/norton-protection-blog/data-breach-best-defense-vigilance

https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/data-breach-101

https://searchsecurity.techtarget.com/definition/data-breach

https://www.digicert.com/blog/buy-site-know-website-secure/