October 11, 2018

Minimize Data Breach Risk: 9 Mistakes to Avoid

When it comes to data breach risk in the workplace, cyber criminals often get all the attention.

But research has shown that employees can be the most worrisome – and weakest – link. For example, a recent Intermedia report found that 93% of employees engage in at least one form of poor data security. You may not realize that some of your everyday office activities are putting you at risk, and even if you do, it can be easy to slip up now and again.

Types of Unconventional Data Breaches

One of the major mistakes companies often make when creating a prevention strategy for data breaches is taking a one-size-fits-all approach, wrote Michael Bruemmer of Experian Data Breach Resolution.

Experts have found that not every data breach fits a standard pattern. It depends on why thieves want the information.

Here are a few examples of the different types of data breaches on the threat horizon today.

Conventional Data Breach

Information thieves launch a cyber attack and copy or transmit confidential data. Identity theft motivated 53% of these breach incidents in 2015, according to Safenet-inc.com, a data protection company. The most sought-after information is personally identifiable information (PII), which can be used to open lines of credit and re-direct tax funds. Thieves also sell financial information. While credit and debit card numbers are still being targeted, new EMV chip cards protect against the conventional data breach because the cards don't share account data or any personal information.

Secondary Data Breach

When there’s a ‘secondary’ motive, cyber criminals hack into a website and use malware with the intention that the true target will become infected. In effect, the owner of the website is just a stepping stone to the real victim, according to the 2015 Data Breach Investigations Report.

Data Breach to Embarrass Organization or Person

Cyber thieves use stolen information to embarrass an organization or an individual. A good example is the high-profile breach against the adultery website. Clients of the website were embarrassed by the affiliation.

Data Breach for Activism

Issue-motivated attacks can damage an organization’s reputation too. The hackers of the adultery website actually wanted to shut it down. Any organization is at risk for this type of attack. Environmental extremists might target an energy company. ‘Hacktivists’ might expose a company’s labor practices. While customers are not a primary target, they are often affected because their information is exposed, said Bruemmer in a recent online blog.

Data Breach to Cause Nuisance or Harm

In 2015, ‘nuisance’ breaches accounted for a small but significant number of breaches. Information thieves stole seemingly innocuous information such as email exchanges – and then used it to harm individuals and companies. A survey from the Medical Identity Fraud Alliance found 45% of victims were harmed when their personal health conditions were exposed. Not only was it embarrassing but the information may have impacted employment and other opportunities.

Small and large organizations should be prepared for all types of data breaches. 

9 Common Mistakes That Increase the Risk of Data Breaches in Your Company

Here are 9 common types of security risks that can put an organization in danger of a data breach and simple solutions to keep you secure.

  1. Delaying patching. Software companies regularly issue patches to fix security and other vulnerabilities in computer and network systems, and unpatched systems are a common IT risk for a security breach. The longer the delay, the greater the opportunity for hackers. Solution: Deploy patches right away to avoid network security risks.
  2. Leaving computers unlocked and unattended. Over 25% of workers surveyed by Shred-it leave their computers unlocked and unattended, creating computer security risks. Solution: Lock all devices – use a screen lock and if possible, lock the device in a drawer or office – when leaving the area temporarily or for a longer time. In the workplace, a Clean Desk Policy is recommended to help emphasize and teach security-driven procedures.
  3. Clicking on links or email attachments. Attackers have gotten good at creating email messages that look legitimate. But these phishing scams can introduce malware or fake websites that collect confidential information. Solution: Double-check the URL (hover over links/hyperlinks). If it doesn’t match the link or looks suspicious in any way, don’t click on it. Don’t open unexpected attachments.
  4. Using sticky notes for confidential information. Writing down an account number or password and sticking it in an easy-to-see location means anyone walking by can steal it. Solution: Lock away all confidential information - do not expose it for all to see, and use a password manager.
  5. Using the same weak password for everything. A Norrie Johnston Recruitment report showed that 23% of employees use the same password for different work applications. Solution: Create strong passwords (use a pass phrase and numbers and symbols) for different accounts.
  6. Downloading mobile apps. Cyber security in the workplace extends beyond the desktop. Downloading apps without reviewing them carefully (including privacy policies) can introduce malware to your mobile devices as well. There are often risky access permissions required too. Solution: Don’t download unapproved apps to corporate devices, and limit permissions on mobile devices.
  7. Leaving private papers on your desk or in meeting rooms. Insider fraudsters can steal data either by visual hacking or physical theft. Solution: Never leave confidential data unattended, and be conscious of this in meetings. Securely shred confidential papers that are no longer needed.
  8. Putting confidential papers into the recycling bin. Dumpster divers go through recycling bins looking for sensitive information. Solution: Have all paper documents securely destroyed when no longer needed. A Shred-it all Policy is recommended.
  9. Forgetting to pick up printed documents. Leaving printed papers in the copier machine is risky because anyone can pick them up. Solution: Pick up anything you print right away. Consider implementing password-protected printing in your workplace.

Best Practices to Prevent Data Breaches

  • Assess the types of customer records being stored and practice good data hygiene. Secure records that have obvious value to information thieves. Secure other records that may seem less valuable but if exposed could be used against the company or customers.  

  • Equip devices with the best safeguards including firewalls, multi-factor authentication, encryption and up-to-date anti-virus software.

  • Restrict access to sensitive data, and use a comprehensive document management process.  

  • Provide on-going security awareness training.

  • Update the incident response plan regularly – and practice it so everyone knows what to do when there’s a cyber attack.  

  • Partner with a document destruction company that has a chain of custody and secure on- or off-site destruction services for both paper and digital information.  

Implementing a clean desk policy can ensure your workplace reduces the risk of internal fraud.
