September 08, 2015

Personal Information Security: Why You've Probably Been Hacked

How can you tell if you’ve been hacked?

The New York Times recently published an interesting interactive quiz that estimates the number of times your personal information may have been exposed to hackers. The quiz results are based on which companies, retailers and websites you have dealt with and whether those companies have been hacked over the last few years.

It’s a real eye-opener, and helps to illustrate how half of American adults have had their personal information exposed to hackers in the last year, according to the story.

Personal information includes Social Security numbers, birth dates, phone numbers, addresses, email addresses, location of assets, and credit and debit card numbers and accounts. To be in compliance with privacy laws, companies that handle private information, whether in electronic or hard copy form, must protect it.

But research has shown breaches continue to occur in record numbers. For example, a 2015 Duke University/CFO Magazine Global Business Outlook Survey showed that more than 80% of chief financial officers of U.S. companies say their systems have been hacked.

Why are there so many data breaches today?

By Design: According to the New York Times story, “the Internet was created for openness and speed, but not for security.” Recommendations: Use the latest IT safeguards such as firewalls, two-factor authentication, and anti-virus programs. Be careful about what you share online.

Relentless Thieves: Hackers today are very sophisticated and organized about finding online security holes and entry points. Recommendations: Don’t store more customer data than necessary, and put the right security safeguards in place.

Physical Theft and Loss: Dumpster diving and theft of documents and electronic devices are still common. The 2015 Data Breach Investigations Report by Verizon showed that 55% of theft incidents occurred within the victim’s work area. Recommendations: Put physical protection in place, implement a Clean Desk Policy, and partner with an information destruction company for secure paper shredding that provides locked security consoles and on- or off-site shredding.

Security Gaps are Everywhere: The Duke University study showed that 85% of firms with fewer than 1,000 employees indicated their systems have been successfully penetrated while 60% of larger companies have experienced breaches. Most industries are at risk too. All of the retail, agriculture, transportation, education, and healthcare/pharmaceutical organizations in a study by FireEye had been breached; 91% of entertainment and media organizations had. Recommendations: No matter what your size or industry, budget for data security and implement a comprehensive information security policy.

Human Error: The Verizon report showed that the top four attack patterns, which accounted for nearly 90% of all incidents, involved people. “Whether it’s goofing up, getting infected, behaving badly, or losing stuff, most incidents fall into an area where people are to blame,” said the report. For example, the report showed that 23% of recipients open phishing messages and 11% click on attachments. Recommendations: Create a culture of security from the top down, including hands-on security and best practices training.
