How Will We Stop Security Breaches?
John Rampton
Despite being around since the 1980s, security, or data, breaches have become increasingly common at an alarming rate.
“We are seeing a shift with the increase in data breaches in 2021 compared to 2020, primarily because of the growing number of phishing attacks, ransomware attacks and supply chain attacks,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “While it is discouraging to see the number of compromises up, it is encouraging that we could see the fewest number of people impacted in seven years. Criminals continue to exploit organizations of all sizes through single points-of-attack, making good cyber-hygiene practices more important than ever.”
In fact, 1001 data breaches occurred in the United States in 2020. Furthermore, in the course of the same year, over 155.8 million individuals had sensitive data exposed due to inadequate information security. If that weren’t concerning enough, every 11 seconds, a business would be hacked by ransomware.
Even if you’ve been fortunate enough not to have experienced a security breach, it should be on everyone’s mind. After all, a security breach isn’t just frustrating. It can be a costly experience that can occur without much warning.
If there is good news, it’s that we can stop these breaches both on an individual and business level.
What is a Data Breach?
Data breaches involve the unauthorized access of confidential or sensitive information. An example of a breach is an illegal entry into a computer system or network. Once in the network, criminals can steal sensitive information from customers or users, such as financial and personal data.
The U.S. Department of Justice defines a breach as “the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, access for an unauthorized purpose, or other unauthorized access, to data, whether physical or electronic.”
Data breaches are commonly caused by cyber attacks such as:
How Do Data Breaches Happen?
Most people assume that hackers are entirely responsible for data breaches. However, that’s not always the case. Sometimes a breach has occurred because there was a flaw in a company’s infrastructure. Other times, it happens when you make an honest mistake, like clicking an email link.
Knowing how breaches happen is the first line of defense to protect yourself. With that in mind, here are some of the most common ways that security breaches take place.
The High Cost of Security Breaches
At some point, we’ve all received an unwelcome notification. An unknown device has signed into your Hulu account. Your credit card company has been compromised, but you might be alright. In these cases, the solution could be nothing more than changing your password.
Unfortunately, it’s not always that painless. When not addressed promptly, breaches can have expensive and long-lasting consequences.
While this is merely skimming the surface, the fact of the matter is that security breaches are frequent, costly, and will only get worse. For example, it’s predicted that by 2025 cybercrime will cost the world $10.5 trillion annually. As such, it’s more important than ever to take a stand and be proactive before you become a victim.
How to Prevent Security Breaches
Asset inventory.
“A visibility of what hardware and software assets you have in your network and physical infrastructure will help you gain a greater understanding of your organization’s security posture,” note the team over at Cipher. “An asset inventory can also be used to build categories and ratings around the threats and vulnerabilities your assets may meet.” By categorizing and rating vulnerabilities, you can prioritize remediation efforts more effectively.
“Data breaches put a major focus on endpoint protection,” they add. Moreover, despite what you may believe, a single antivirus program is not enough to protect your data. Solely relying on antivirus can expose your desktops and laptops. And, since these devices can serve as gateways for malware, this should be a priority if you want to thwart security breaches.
“A comprehensive endpoint solution will use encryption to prevent data loss and leakage, enforce unified data protection policies across all your servers, networks, and endpoints,” they note. As a result, this reduces the risk of a data breach.
Scale down.
Keep sensitive and personal identifying information only when you have a legitimate business need, advises the FTC. Ideally, you should not even collect this type of information in the first place. But, what if you do have a valid need for this information? “Keep it only as long as it’s necessary,” states the FTC.
What’s more, you should keep the following pointers in mind as well.
“If you must keep information for business reasons or to comply with the law, develop a written records retention policy to identify what information must be kept, how to secure it, how long to keep it, and how to dispose of it securely when you no longer need it,” suggests the FTC.
Improve security.
While this has been discussed ad nauseam, it’s the cornerstone of protecting yourself from security breaches. But, which security tactics should you focus on? Well, here are some of our top suggestions.
To begin with, control access to sensitive data. After all, there is no reason to give everyone on your team access to your network without restriction. For example, create separate user accounts if your network has personal data stored in places that others cannot access. Or limit access to those areas or what can be accessed. Also, a simple locked file cabinet should suffice in keeping nonessential team members from viewing paper files, external drives, and disks.
Additionally, in a previous Due article, Deji Atoyebi states that you can shore up your cybersecurity through:
Data encryption.
“Encryption experts believe it’s no longer possible to build a fortress around a business’s data,” he writes. “Instead, encryption — scrambling data, so it’s unreadable to everyone but the intended recipient — is the best safeguard against someone determined to get in.”
Hardware security.
Utilize security features on desktops, laptops, mobile devices, and printers. A wide range of secure services is available, including USB security keys, servers with locks, and hardware that is encrypted. And, never leave laptops unattended.
Strong and complex passwords.
Do not use any personal information, such as your birthdate. Also, avoid reversing common words or simple sequences of letters or numbers. Passwords should include a combination of symbols, lower- and uppercase letters, and at least eight characters.
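The rules in the paragraph above can be enforced at account creation. The following checker is an added example, not code from the original article; the common-word list, the sample personal details, and treating four consecutive or repeated characters as a "simple sequence" are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load a much larger dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}

def has_sequence(pw, run=4):
    """True if pw holds `run` ascending, descending or repeated letters/digits."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        if not window.isalnum():
            continue
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs in ({1}, {-1}, {0}):   # e.g. "abcd", "4321", "aaaa"
            return True
    return False

def check_password(pw, personal=()):
    """Return the rules from the article that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbol")
    lowered = pw.lower()
    if any(word[::-1] in lowered for word in COMMON_WORDS):
        problems.append("contains a reversed common word")
    if has_sequence(pw):
        problems.append("contains a simple sequence")
    # Compare personal details with punctuation removed, so "1985-07-04"
    # also matches a password that embeds "19850704".
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append("contains personal information")
            break
    return problems

if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    for candidate in ("drowssaP1!", "Abcd1234!x", "Xk#19850704pQ", "T7#mVq9$Lw2k"):
        print(candidate, check_password(candidate, personal=("Jordan", "1985-07-04")))
```

Pass the user's name, birthdate and similar details in `personal` so that each one is rejected wherever it appears in the password.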
A high-quality firewall.
“Firewalls are mandatory,” notes Deji. “They guard your network by controlling the internet traffic flow that comes in and out of your company.” In addition, most firewalls filter out threats so effectively that they block dangerous websites entirely.
Antivirus protection.
Antivirus and anti-malware protection is necessary for online security. You can use these packages to scan your system for malware, as well as scan your email attachments for viruses.
Regular program updates.
Keeping your programs up to date will make your system more secure. By updating your software regularly, you will prevent hackers from exploiting any gaps in your system. It is common for programmers to address or fix issues that have arisen since the last update, so take advantage of the free security, he advises.
Regular backups.
Most external hard drives can be configured to make copies of data daily, weekly, or monthly. A cloud backup is also a good idea. By doing so, you will be able to easily retrieve your data in case your computer system is lost, stolen, or damaged.
Conduct employee security awareness training.
“Would you believe that most data breaches aren’t the result of some dedicated hacker brute-forcing their way past your best defenses?” asks Nate Nead, the CEO of DEV.co and SEO.co, in Forbes. “Instead, about 88% of breaches are attributable to human error — errors that employees can often make.” After all, it only takes one successful phishing email or social engineering ploy to gain complete access to your network.
It is therefore essential to train your employees in data security best practices. Best practice training will include:
Make sure that third-party vendors comply.
It’s not uncommon for companies to do business with a wide range of third parties. That means getting to know these people is more important than ever before.
For example, what if a contractor or a delivery person who has a sketchy past enters your property? If you weren’t aware of this and have a lax security policy, they could access sensitive data and blackmail you. That may sound obscure, but it’s always better to be safe than sorry.
While this also might not make your IT department happy, taking extra safety precautions is paramount. Additionally, make sure third parties comply with privacy laws. And, don’t be afraid to ask them for background checks as well.
Don’t overlook physical data.
“We get so focused on online and cloud-based data protection that we neglect physical property like paperwork, hard drives, laptops, flash drives, and disks,” writes former Due CTO Chalmers Brown. “Make sure that these physical items are stored securely and not carelessly left out for anyone to grab, like in your garage or passenger seat of your car.”
“Like not storing personal data that you no longer need, you should also dispose of information you no longer need securely,” he adds. “For example, if you’re a local pharmacy, you would want to shred customers’ outdated prescriptions.”
Develop a cyber breach response plan.
Imagine going to work tomorrow morning and finding out there has been a breach of data. How would you react? If you don’t have a cyber breach response plan in place, you may run around like the proverbial chicken with its head chopped off. And, as one would imagine, that’s only going to make matters worse.
If you’ve been compromised, either individually or as a business owner, you need to act as quickly as possible. The longer you wait, the more damage can be done. When it comes to businesses, each state has its own set of rules on responding, like how long you have to notify customers. Usually, this is within a week. But, by having this plan prepared ahead of time, you can speed this process up.
What your cyber breach response plan should contain.
While data breaches aren’t 100% preventable, being proactive about cybersecurity can at least give you a fighting chance. And, what’s the alternative?
Having your sensitive data stolen results in paying the financial and PR costs that are associated with breaches. Taking precautions with your accounts and employees will benefit everyone.
John Rampton is an entrepreneur, investor, and startup enthusiast. He is a founder of the calendar productivity tool Calendar. You can sign up for early access to Calendar here!
This article originally appeared on Due.