Data Breaches Are Getting Worse: Know the Basics

by

The exposure of sensitive information can be disastrous for individuals, businesses, or governments. Yet data breaches aren’t going away. The first data breach compromised more than a million records in 2005. Since then, we’ve seen ongoing news of breaches. But there are some basic steps you can take to avoid falling victim to an attack.

Let’s look just at August 2022:

  • A breach at communications giant Twilio exposes 1900 users’ phone numbers and SMS verification codes.
  • Researchers discover at least 9000 virtual-network computing endpoints exposed online without a password.
  • CISCO confirms a ransomware gang has exfiltrated 2.8GB of data.
  • An American neurology practice notifies 363,833 individuals of a data breach.
  • 4 million Twitter users are thought to have been affected by a data breach at the social media firm.

And that’s all during a 10-day period!

In its annual Cost of a Data Breach study, IBM found the cost of a breach hit a record high this year, at nearly $4.4 million.

How does a data breach work?

A data breach involves any unauthorized access to confidential, sensitive, or protected information, and it can happen to anyone. Data breaches happen mainly when hackers can exploit user behavior or technology vulnerabilities.

The threat surface continues to grow exponentially. We are increasingly reliant on digital tools such as smartphones and laptops. With the Internet of Things (IoT), we’re adding even more endpoints that unauthorized users can access.

Popular methods for executing malicious data breaches include:

  • phishing – emails in which hackers persuade users to hand over access credentials or the data itself;
  • brute-force attacks – hackers use software and sometimes even hijacked devices to guess password combinations until they get in;
  • malware – infects the operating system, software, or hardware (often without the user knowing) and steals private data.

Disgruntled employees or political hacktivists can also be behind data breaches. However, more often than you would hope, the breach is due to human error.

Basic steps to avoid data breaches

Too many data breaches trace back to people using weak access credentials. Yes, there are still people out there using “password” or “123456” to log in at work! Thus, an important step to counter data breaches is enforcing strict password policies.

Multi-factor authentication can also help. This way, even if the employee uses a poor password, or their strong password is stolen, the hacker has to work to get access. They might need the user’s physical device to confirm a one-time-use code sent to verify identity.

It’s also important to patch and upgrade software as soon as asked to do so. Manufacturers support security by keeping abreast of hacker attacks throughout the world. They’ll also watch for bugs and any vulnerabilities. Disregarding that message to upgrade or patch could leave your computers at risk.

Encrypting all sensitive data can also cut the risks of a data breach. That way, if the bad guys do get inside your systems, they can’t do anything with the information they access.

With more people working remotely, the number of users doing business on their own devices is also up, which represents another data breach risk. Enforce strict Bring Your Own Device (BYOD) policies to minimize exposure. You might require virtual private networks and professional-grade antivirus protection.

Don’t risk data breach damage

Data breaches cause business downtime and can cost your reputation and bottom line. You may lose customers and also have to pay legal fees or compliance fines. Don’t let this happen to you. A managed services provider can install protection and take precautions against data breaches. Call us today at (515)422-1995.

The True & Unexpected Costs of Being Hacked

by

There are the normal costs everyone associates with a breach, like getting your own server and computers fixed up, with maybe a little downtime. But really, most businesses view the possibility of getting hacked as more of an inconvenience than a bottom-line cost. For those who’ve come out the other side though, it’s a very different story. They know the hidden and ongoing costs of a data breach can be crippling, and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close after a cyber-attack. Here are a few of the hard, but common realities of life after a hack.

Raiding the budget to reduce downtime

From the moment a cyber-attack gets into your system, things get expensive, and the longer the attack goes, the more it costs. Latest stats reveal most breaches aren’t identified for around 191 days, then it can take on average another 66 days to contain the damage. During this time you’re cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fee for experts to fix everything up, all the new tools and software they insist you have, and all the hours/days/weeks when your business is struggling with downtime, you’ll exhaust your emergency funds very quickly.

The long arm of the law

Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. Having any medical data or legal files leak is a particularly messy scenario with fines coming from multiple sources. In any case, new privacy laws mean businesses are liable for massive fines if they don’t disclose a data breach, even if only email addresses were stolen. Where this gets even trickier is that the burden is on your business to know exactly what data has been stolen/illegally accessed, so you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you still need to hire an expert who can identify exactly what the hackers took, from where and when.

Customer retention measures

In a double-down crush to your bottom line, not only does your business have to bear the cost of the hack, your future income takes a hit as customers lose trust and leave. To offset this, many businesses need to engage PR experts, spend more on advertising, and go all out to ensure they survive to fight another day. Even so, your breach disclosure will still come up in search results for many years. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.

All your secrets exposed

While you may not have Pentagon level secrets to protect, your business does have information that you’d like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. Think Coca Cola recipe, Big Mac Secret Sauce or 11 Herbs & Spices…While those corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret. It may not be a secret recipe, but your proprietary methods and databases have a black-market value all of their own.

But simply avoiding a breach doesn’t cost much at all…

The thing is, it’s not expensive to stay on top of it all and keep your business protected. That means no need to raid other department budgets in a panic, pay crippling fines, make embarrassing public announcements, or fight to retain your competitive edge.

We can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians can build a virtual fortress around your business that keeps the bad guys out while letting you thrive, and even monitor security with early warning systems. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe while keeping your IT costs low.

Updated Information about the Equifax Financial Data Breach

by

As you have probably heard by now, credit reporting company Equifax revealed last week that its databases were hacked in a large-scale breach affecting millions across the US, UK & Canada. While no hacking event is ever good news, some are easier to ignore than others – this isn’t one of them. The sensitive nature of the exposed data now requires immediate action for all those even possibly affected.

The short version: Equifax is one of the three main organizations in the US that manages & calculates credit scores. To do that effectively, they have access to almost every piece of financial data for adults in the country, plus pretty much anyone who’s lived/worked in the US. We’re talking social security, tax file numbers, drivers’ license, credit card numbers…the important stuff. On September 7th, Equifax disclosed the breach, stating that hackers had repeatedly gotten in through a vulnerability in the web application from mid-May to July of this year. Since then, there has been a lot of conflicting information floating around the internet. I have gone through and tried to decifer the best course of action to recommend…

The best action now is to protect yourself against fallout:

  1. Go to: http://www.equifaxsecurity2017.com (dead link) to see if your data may have been affected. There was some news that this site was delivering random results, but Equifax announced it has been corrected. I have tested it myself and it seemed to be working now. That being said, it’s safest to assume everyone with a credit history has been impacted.
  2. Claim the Equifax free year of credit monitoring & identity theft insurance (if you’re a US resident). If you’re not eligible, consider sourcing your own. As the hacked data will continue to circulate for some time, consider extending your credit monitoring for a few more years.If you are wary of trusting Equifax with protecting your credit (They dont have a very good track record at this point!), you can instead look at services such as Lifelock to freeze and monitor your credit reports.
  3. Keep a close eye on your finances and accounts. Check for notifications of new credit applications, monitor your statements and bills, and immediately report any suspicious activity or sudden change in billing.
  4. Change all your passwords to be strong, unique and long (you should be doing this anyway!). Now that the hackers have your passwords from the Equifax site, the stolen data may give hackers a free pass into the rest of your bank accounts, email and personal information.
  5. Add two-factor authentication where possible. This is when an account demands a second layer of authentication before allowing access or changes, like a 6 digit code texted to your phone in order to log in. Even if a hacker has your password, they would need to also have your phone in order to get logged in.
  6. Finally, and probably the MOST EFFECTIVE mitigation for this issue…Consider freezing your credit report. Check out a very nicely written article HERE about how to do this. Freezing your report makes it harder for identity thieves to open accounts under your name, as access is completely restricted until you choose to un-freeze. You will have to unfreeze your reports if you ever wanted to get a loan or similar, but how often do you really do that?

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy