
The Importance of Corporate Data Security and Privacy

Companies stash a ton of information, and that amount is constantly increasing. Since technology is constantly improving, companies are able to gain more data about their customers, employees, and so on. As a result, a company must ensure that the data is secured and that privacy is a top priority for protection, especially with a data breach.

Where do the threats come from?

Threats can come from all over the place, and many of them can be avoided. According to the Online Trust Alliance (OTA), roughly 90% of data breaches during the first 6 months of 2015 were actually avoidable. Some of the leading causes of data breaches that we will look at, though the list is not limited to these, are: external intrusions, employees, lost/stolen devices and documents, and social engineering/fraud.

External Intrusions

According to the OTA, over a third of data breaches occur through external means. Think of what you see in movies as a “normal” hacking situation, where the hacker attempts to hack a business or organization’s network from the outside; of course, hacking is not that easy, but it should give you a sense of what I mean by external intrusions. External intrusions can happen in various ways: obtaining a user’s credentials, hacking a device, finding holes within the security of something, and so on.

Employees

Another leading cause of data breaches is the actions of employees, whether by accident or with malicious intent. Roughly 30% of breaches are from the actions of employees. Here is an example of a situation where an employee may give a hacker the opportunity to commit a breach: phishing.

According to Phishing.org, “Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.”

If employees are educated on the concerns and dangers of phishing, an organization can avoid such dilemmas; to be quite honest, some of the situations can be humiliating. The OTA reported that an insider could be a potential threat for various possible motives, which can include being unhappy, having issues with personal finance, or moving forward with a different company. A company must recognize that insider threats are a real problem, and a business must invest time and resources to ensure data is protected.

Lost or Stolen Devices and Documents

It happens to anyone: we could lose a phone, a file might be placed in the wrong place, or we could plug a thumb drive into the wrong place. According to the OTA, 7% of breaches occur due to a missing device, while another 9% are due to missing documents. These could happen either by accident or on purpose. Let’s be honest, hacking a database or network is probably harder than, say, stealing a laptop from an employee. Typically, a breach like this is more common for a smaller business than a larger one due to container features from a data protection system/service. Sometimes, a loss like this could result in a penalty from the Securities and Exchange Commission (SEC).

Social Engineering and Fraud

The last type of breach I want to mention is social engineering and fraud. This is a popular method utilized by hackers to obtain access to information, and it accounts for roughly 8% of breaches. In terms of cybersecurity, Kaspersky defines it as follows: “Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these ‘human hacking’ scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems” (Kaspersky). An example of this type of breach was the infamous one that targeted… Target. Based on a Bloomberg report, a group of hackers managed to acquire the credentials of an HVAC vendor, which gave them access to Target’s network. As a result, the hackers were able to place malware that hijacked 40 million credit card numbers. Due to how drastic the breach was, Gregg Steinhafel, the former CEO, was forced to resign from Target (he was the first CEO to be ousted from a major company as a result of a data breach). There are tons of ways to avoid the dilemma, but one could utilize two-factor authentication and up-to-date training protocols to ensure employees are well trained in avoiding a social engineering attack.

So, what is data security?

Data security is now a blossoming field, opening up opportunities for cybersecurity specialists. Data security is vital for a company’s day-to-day operation. Utilizing proper data security and privacy measures will prevent a data leak and allow your company to continue to move forward.

Data security is the practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle. It’s a concept that encompasses every aspect of information security from the physical security of hardware and storage devices to administrative and access controls, as well as the logical security of software applications. It also includes organizational policies and procedures.

When properly implemented, robust data security strategies will protect an organization’s information assets against cybercriminal activities, but they also guard against insider threats and human error, which remains among the leading causes of data breaches today. Data security involves deploying tools and technologies that enhance the organization’s visibility into where its critical data resides and how it is used. Ideally, these tools should be able to apply protections like encryption, data masking, and redaction of sensitive files, and should automate reporting to streamline audits and adhering to regulatory requirements.

https://www.ibm.com/topics/data-security

What am I protecting with data security measures?

There are a variety of things you could be protecting such as:

  • Financial data
  • Transactions
  • Health care records
  • Criminal records
  • Browsing history
  • Location-based services
  • Personal communication
  • Genetic material
  • Personal information
  • Educational records

What are some of the best ways to protect my data?

Data security technology will only work if it is backed up by good protective policies. Data protection measures can be very effective, and these essential strategies help ensure the technology works.

Keeping up with the Patches

Let’s be honest: update pop-ups are extremely annoying, and even the creator of the pop-ups recognizes it. However, these pop-ups exist for a good reason. Research conducted by HP stated that roughly a third of the new hacking tools that were deployed worked through a Windows exploit that had been patched back in 2010. Even though the patch had been released, many users had not updated to the latest patches. Unfortunately, this small action could have prevented a ton of issues for a lot of people and their important data.

Many of these patches are labeled as “critical” or “vital” and could, supposedly, prevent a potential hack. A large organization, with thousands of computers in its network, could potentially miss a small detail that leads to its systems getting compromised by an intrusion. Keeping up with patches, like many do with the Kardashians, is an easy and effective way to help ensure that your data is protected.

Reduce the number of entry points

With the number of devices connected to the internet, there are many ways for a potential hacker to commit an intrusion and cause some sort of damage. For a company, the problem is amplified many times over when it comes to openings and entry points.

Believe it or not, there are plenty of businesses that are uncertain of how many devices they even have. As a result, this could make them a great target for a hacker. The point is to keep a proper account of the devices within your network and avoid leaving any open doors that welcome a hacker into your network.

Data encryption

A key aspect of any security policy and protection plan is encryption. By using encryption, a company helps ensure that hackers cannot access sensitive data in a form that is usable to them. Encryption should be applied at all levels of a data protection plan. For example, if you are a retail company (Target, for instance), the card readers used by customers should be encrypted.

Picking the right vendors

Many companies utilize a vendor for security services. Companies must ensure that the vendor that they select is capable of maintaining a top-tier level of data security for the sake of the customer’s assurance. If an intruder has the capability of accessing vital corporate data, that is a threat. Any possible loophole or entry point has to be blocked off from intruders to avoid any possible damage to an organization.

Conclusion

At the end of the day, you should have some sense of awareness over data security and privacy. In a future post, I will go over in detail how to protect your data and privacy. I highly recommend investing more time to ensure that you are confident in being able to act as the best firewall against a wave of hacker attacks.