Businesses Can Follow These Steps To Combat Data Breaches
Two-factor authentication does not allow login without access mobile phone confirmation and makes it much harder for criminals to change account details.
Over the last few years, data breaches have grown in both frequency and severity. According to Gemalto, data breaches compromised 4.5 billion records in only the first half of 2018. The most recent of these high-profile scandals is the Marriott data breach, where hackers stole private details from around 500 million customers. These details include names, addresses, credit card and phone numbers, as well as passport numbers and travel details.
While it’s not the largest data breach by any means, 500 million is no small number for such a sensitive breach. The data stolen can be used by criminals to commit identity theft, where they could convince targeted individuals to give up vital, personal information, like passwords or access to banking sites. The more convincing a phishing email is, the more likely someone is to reply to it.
Data breaches on the rise
There has been such an increase because, to date, companies have faced no real penalties for poor storage and protection of data – apart from reputation loss. Yet, in the near future, organisations will be fined enormous sums for allowing data to leak.
People are also in a semi-state of ignorance, or deliberate ignorance, of safe computing practices. Cyber theft is becoming the fastest growing crime in the world but there is a severe shortage of cybersecurity talent – with unfilled cybersecurity jobs to reach 1.5 million by 2019.
In the wider context, according to the National Crime Agency Cyber Crime Assessment 2016 report, cybercrime accounted for 53 per cent of all crimes in 2017 and it’s rising year on year. Cybercrime will continue to develop into a highly lucrative and well organised enterprise.
With cyber criminals beginning to invest in research and development., a Mary Meekers state of the Internet report for 2017 reports that network breaches are increasingly caused by email spam/phishing. In fact, spam increased 350 per cent in one year. Similarly, ransomware is also showing worrying trends. Malwarebytes show increase from 17 per cent in 2015 to 259 per cent in 2016. Across the board we are seeing increases in attacks and breaches like Marriott will only worsen the problem.
Seven steps to keep data safe online
For those who are concerned about their data, the following tips will help keep individuals secure and prepared:
- Review your online accounts and credit report – reviewing bank accounts, auction accounts, and mobile phone accounts regularly helps to flag signs of fraud or rogue charges. Banks are good at spotting fraud but, ultimately, it’s up to the individual to spot fraud on their account.
- Keep software updated – running the most recent software versions on any mobile operating system, security software, apps and web browsers is among the best defences against malware and other threats.
- Use different passwords – hackers often steal a login and password from one site and attempt to use it on other sites.
1. Passwords should be long, strong and unique.
2. It is good practice to install a reputable password manager to create complex strong passwords stored in an encrypted file on a personal computer.
3. You need only one master password and the password manager will automatically log in to different sites with secure passwords.
- Register with websites that collects emails associated with publicly known website hacks. Submitting an email here makes it easy to see if personal details have been released in a website hack. Registering an email to receive future notifications if the it appears in a future hack. Watch out also for phishing emails from the site just hacked.
- Enable two-step authentication– many sites such as Apple, Microsoft and Google now ask to associate a mobile phone with an account. Two-factor authentication does not allow login without access mobile phone confirmation. Ultimately, this makes it much harder for criminals to change account details.
- Close old accounts – multiple unused accounts simply create more points of vulnerability. Sometimes that might mean having to go through steps to recover a forgotten password but it is worth it. The less online footprint, the better.
- Be cautious – unsolicited communications that ask for data or refer to pages asking for personal data should be carefully checked. Avoiding clicking on links or downloading attachments from suspicious emails is also a good precaution.
Despite increases in established attacks like phishing and ransomware and constant cyber-attacks, organisations can keep safe. They can remain vigilant in their IT education of all employees. They can remind them to be alert and not to click on suspicious looking emails or links.
Individuals can also do their bit to keep their data safe by bolstering their online security. Firms need to apply multi-factor authentication where available and password managers. They should close any old accounts and monitor account activity.
(The article has been authored by Kevin Curran, Senior Member, IEEE)