January 14, 2016

Data Breaches Can Happen Where and When You Least Expect It

The cyber crimes that make the headlines are usually the ones carried out by shadowy hackers on the other side of the world.

But security episodes can happen anywhere – and they do. Here’s a look at where they are often least expected.

Restaurant: Any organization (not just retailers) that uses credit or debit cards is at risk. Restaurant data breaches are common. So are breaches at hotels, courier companies, ice cream shops, etc. Business is the largest sector affected by incidents, accounting for 39.9% of breaches in 2015, according to CSID, an ID protection services firm.

Game App: Who hasn’t downloaded a free game during a work break? But apps often contain malware, and an organization’s corporate data can be accessible via mobile devices. A report from IDG Research showed that 74% of global enterprises have experienced this kind of mobile security issue.  

Online Gift Card: According to CSID, the rise of mobile payments (by credit cards, gift cards, etc.) has made mobile devices a more attractive target for cyber criminals.

‘Mal-vertising’: There are lots of seemingly harmless ads on the Internet. But ‘malvertising’ ads infect users’ devices when opened. Similarly, drive-by downloads infect a user’s device when the user visits a website.

Refrigerator: The Internet of Things means connected consumer products such as refrigerators, thermostats, and fitness monitors collect and exchange data. This increases the risk of a breach because these devices also link to sensitive information.

Hospital: CSID reported that the medical/healthcare industry accounted for 78.3% of all records exposed in 2015. One example of this type of breach: portable hard drives containing patient information were stolen from a heart hospital in the U.S. The theft occurred over a weekend in a procedure area normally restricted to staff and patients.

Third Party: Breaches by third parties are also increasingly common. In one data breach, a Japan-based education/publishing company contracted an engineer who leaked the personal information from 7.6 million customer contracts.

Email: It’s not just account numbers and financial data that cyber criminals want today, says the Identity Theft Resource Center. For example, cyber thieves stole names and email addresses of subscribers from a financial news organization, and then targeted the victims with solicitation requests, spam, and phishing emails. In fact, most cyber espionage starts with simple email attachments (39.9%) and links (37.4%). The Verizon Data Breach Report 2015 showed that 23% of recipients open phishing messages in their emails, and 11% click on attachments.

How can a company protect itself?

  • Launch a security awareness program, and provide ongoing employee education.
  • Improve IT detection and protection. Equip computers with the latest anti-virus and anti-spyware software, as well as the latest operating system and browser. Use firewalls, encryption, and two-factor authentication. Use a block filter for phishing emails, and alert on them.
  • Stay on top of current privacy laws and legislation.
  • Assess the level of security used by third-party vendors.  
  • Lock away portable hard drives at all times.
  • Introduce a comprehensive document management process. Shred confidential paper and e-documents when no longer needed. Use secure shredding services provided by security experts.

In today's fast-paced and ever-changing world, it’s imperative to protect your organization and yourself from information thieves.