Women's Society of Cyberjutsu – Cyber Security For All
Today we are going to be talking about data breaches?
Data breaches, we have all probably heard about them before in the news. There have been some very significant breaches like the data breaches that occurred to Yahoo and Target. These data breaches have cost millions of dollars. They have exposed sensitive customer data such as emails, phone numbers, addresses, and in some severe cases, social security numbers, passport numbers, passwords and credit card information. No data breach is ever a good one. Big players such as Verizon, Sony, and even the U.S. Government have also been hit with major data breaches in the past decade. But if data breaches are so bad, why do they keep happening and most importantly, how do they impact you? Let’s take a deep dive into this topic and learn about data breaches and what you can do to protect yourself.
Data Breaches – A Primer
Let’s start off with defining a data breach. A data breach is an incident that exposes confidential or protected information. Data breaches could be intentional or accidental. There have been instances where employees “accidentally” shared information on the internet without knowing they were doing it. But most cases of data breaches are usually intentional and involve a hacker trying to obtain digital records that a company may be in possession of. As you can see, a data breach can have a huge potential to inflict serious damage, not only on the company being hacked, but to the individuals whose private information gets leaked out on the internet.
At this point, you may be asking yourself, why do they continue to happen? If you’ve been listening to my podcast (linked in this post) for a while now, then you know that there is no single solution in cybersecurity that will protect you and your business. Hackers are clever and the threats change every day. As more and more companies go digital (and thanks to the pandemic, many have had to do it in record time), hackers have even more companies to choose from. Companies invest millions of dollars in protecting themselves from hackers. But, not all companies have the luxury of spending all their money on cybersecurity. Other companies do not believe it can happen to them, so they do the bare minimum to protect themselves. Some companies know they must protect themselves, but hackers still manage to get in. It almost seems like the fight against hackers is inevitable and people should just give up trying to stay safe. But, even though the war will never end, it is important to remain vigilant.
There are so many things a company can do to lower their chances of getting hacked. It requires two things for them to be more effective. One, they need to know the threats that are out there. By reading this post or listening to my podcast, you are taking a good first step! Two, you actually need to implement cybersecurity best practices. It’s not enough to read about them, you actually have to do the work. And data breaches don’t just happen to businesses. It can happen to you personally. Your personal cloud, banking, and school accounts can be hacked if you are not careful.
How to Minimize a Data Breach
First thing you can do to protect yourself and your business is to train your people. If someone has admin rights to a system, they should be up to date with all the latest social engineering tactics. Next up, invest in some physical security. Can anyone physically walk into your building and gain access to servers? This is much easier now with so many using the cloud, but if you are still using on premise servers, how protected are they? Same things for folks at home. How easy is it for someone to get to your router? Is your computer always on? No lock screen? How easy is it for someone to come in and get physical access to your hard drive?
I can’t stress this enough, but every human being on this planet needs to be better trained on social engineering. So many attacks happen because a person falls for a trick. This trick will cause them to expose their confidential information such as their usernames and password. They might also be tricked into downloading and installing something on their computers. This malicious code could be spyware, keyloggers, and even ransomware. So many breaches start because someone opens the door of opportunity for hackers. What are you doing to protect yourself? There are many more things you can do to protect yourself, but I believe if you invest in what I just spoke about, you can go a long way.
Once a data breach happens, what happens to your information? We all hear about it in the news, but has anyone actually seen first hand what can happen if their data gets exposed?
What Happens to Exposed Data?
First, your data is often sold in the dark web. This is a topic for a future episode, but just know it’s like a black market for just about anything. Someone wanting to buy a valid credit card number can go on there and just buy one from someone that has millions. They get these millions of card numbers from data breaches. Next, now that all your information is out there, it is much easier to impersonate someone. They have your number, social security, address, phone number, pretty much everything and anything that makes you unique. Impersonating someone becomes trivial at that point.
You’d think that with so many data breaches that have occurred, we would have figured out a system to not only protect our information better, but to also prevent others from impersonating one another. I’m curious to see how the world of AI starts influencing this world. Maybe it will be harder for hackers to break into systems because AI can more easily detect anomalies. Maybe we develop a new digital identification for each individual using the blockchain. If you want me to explore some of these areas, please feel free to let me know. I think they are interesting and might be worth discussing in the future.
There you have it. Your data breach 101 guide. I hope you take my advice here and go protect yourself. I know that I am constantly reviewing my accounts and updating passwords and enabling 2FA. If you enjoyed this post, make sure you check out my podcast. I have dozens of cybersecurity related posts published and I really think you’ll find them useful. Make sure you follow me on social media as well! Help me grow this blog into a thriving place where anyone can come and learn about cybersecurity!!!