Notorious Data Breaches of 2016 – And What We Learned
Some of the largest and most notorious data breaches occurred this past year around the world.
While organizations had to deal with financial ramifications and other fallout, it’s important to understand why these breaches occurred and to identify safeguards that will help prevent similar data breaches in the future.
Here’s what these recent data breaches have taught us about information security:
Take cyber risk seriously: One of the biggest data breach incidents occurred when tens of thousands of customer accounts from a large U.K. supermarket chain were compromised, and the organization had to suspend online operations. Despite growing awareness of cyber breach risks, as one security expert commented online, some businesses are still not taking cyber risk seriously. Solution: Acknowledge that cyber risk is much more than an IT problem, and take a balanced security approach with up-to-date network security, automated security enforcement, access control, and other safeguards that help reduce employee error.
Teach employees well: When a community college employee in Virginia received a request from a fake email address asking for employee information, the individual sent sensitive information including names, earnings, and Social Security numbers. Solution: Build a culture of security in the workplace, and provide ongoing employee training. Employees must be aware of phishing scams and other cyber security risks in order to recognize red flags and make security-minded decisions.
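The Virginia incident above turned on a request that arrived from an address that merely looked internal. The following is an added example (not from the original article) showing the kind of mechanical red-flag check a mail gateway or awareness tool can run before a human ever reads the message: sender domain versus the organization's own domain, a Reply-To that quietly diverges from From, and wording that asks for payroll-type data under time pressure. The trusted domain, the keyword lists and the sample message are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from typing import List

# Constructed sample message (not a real email): an executive-impersonation
# request for W-2 data, sent from a lookalike domain with a diverted Reply-To.
SAMPLE_MESSAGE = """\
From: "Jane Doe, President" <jane.doe@examplecollege-payroll.com>
Reply-To: jane.doe@example-mail.net
To: hr@examplecollege.edu
Subject: Urgent: W-2 information needed today

Please send me the names, earnings and SSNs of all employees as a PDF.
"""

TRUSTED_DOMAIN = "examplecollege.edu"  # assumption: the organisation's own mail domain
SENSITIVE_TERMS = ("w-2", "ssn", "social security", "earnings", "wire transfer")
URGENCY_TERMS = ("urgent", "today", "immediately", "asap")


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower()


def phishing_red_flags(raw: str) -> List[str]:
    """Return human-readable red flags found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []

    from_domain = domain_of(msg.get("From", ""))
    reply_header = msg.get("Reply-To")
    reply_domain = domain_of(reply_header) if reply_header else from_domain

    # 1. The sender is outside the organisation; flag lookalikes separately,
    #    since they are the ones most likely to fool a busy employee.
    if from_domain and from_domain != TRUSTED_DOMAIN:
        if TRUSTED_DOMAIN.split(".")[0] in from_domain:
            flags.append(f"lookalike sender domain: {from_domain}")
        else:
            flags.append(f"external sender domain: {from_domain}")

    # 2. Replies are silently routed somewhere other than the apparent sender.
    if reply_domain != from_domain:
        flags.append(f"Reply-To domain differs from From: {reply_domain}")

    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = (msg.get("Subject", "") + " " + body).lower()

    # 3. Asks for the kind of data the college employee handed over.
    hits = [t for t in SENSITIVE_TERMS if t in text]
    if hits:
        flags.append("requests sensitive data: " + ", ".join(hits))

    # 4. Pressure to act immediately is a classic social-engineering lever.
    if any(t in text for t in URGENCY_TERMS):
        flags.append("urgency language")

    return flags


if __name__ == "__main__":
    for flag in phishing_red_flags(SAMPLE_MESSAGE):
        print("-", flag)
```

None of these heuristics is conclusive on its own; a legitimate vendor will also send from an external domain. The value is in surfacing the combination (external or lookalike sender, diverted replies, sensitive-data request, urgency) so that the message is held for review or at least banner-tagged before an employee acts on it.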
Practice good password hygiene: Weak and reused passwords caused all kinds of 2016 data breach problems. Dozens of celebrities had their Twitter accounts taken over, for example, and even the CEO of a popular social media website had his social media accounts hacked. The workplace is just as vulnerable. Solution: Create strong passwords. Be cautious when opening password-protected files. Don’t use ‘remember password’ on public computers. Never leave passwords in open computer files or on sticky notes.
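"Create strong passwords" is easier to enforce than to preach. As an added example (not from the original article), the code below shows three checks an organization can run on proposed or vaulted passwords: a basic length and character-class policy, a lookup against a breached-password corpus using the hash-prefix (k-anonymity) technique in which only the first five hex characters of the SHA-1 leave the client, and a reuse audit that groups accounts sharing the same password. The breach corpus here is a constructed stand-in built from a few well-known weak passwords, and the account list is likewise constructed; in practice the range lookup would query a real breached-password service.

```python
import hashlib
from typing import Dict, List, Set

MIN_LENGTH = 12


def _sha1_hex(pw: str) -> str:
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breached-password corpus, organised the way a
# range API serves it: 5-char SHA-1 prefix -> set of 35-char suffixes.
# Built from a handful of well-known weak passwords, not real breach data.
_WEAK_SAMPLE = ("password", "123456", "qwerty", "letmein", "welcome1")
BREACH_RANGES: Dict[str, Set[str]] = {}
for _h in map(_sha1_hex, _WEAK_SAMPLE):
    BREACH_RANGES.setdefault(_h[:5], set()).add(_h[5:])


def range_lookup(prefix: str) -> Set[str]:
    """Stand-in for the remote range query; only the 5-char prefix is sent."""
    return BREACH_RANGES.get(prefix, set())


def is_breached(pw: str) -> bool:
    """k-anonymity check: compare the local suffix against the returned range."""
    h = _sha1_hex(pw)
    return h[5:] in range_lookup(h[:5])


def password_issues(pw: str) -> List[str]:
    """Return policy violations for a single password (empty list = acceptable)."""
    issues = []
    if len(pw) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    if classes < 3:
        issues.append("fewer than three character classes")
    if is_breached(pw):
        issues.append("appears in breached-password corpus")
    return issues


def find_reuse(accounts: Dict[str, str]) -> Dict[str, List[str]]:
    """Group account names by a SHA-256 fingerprint of their password.

    Returns only fingerprints shared by more than one account, so the caller
    sees which accounts fall together if any one of them is breached.
    """
    groups: Dict[str, List[str]] = {}
    for account, pw in accounts.items():
        fp = hashlib.sha256(pw.encode("utf-8")).hexdigest()
        groups.setdefault(fp, []).append(account)
    return {fp: names for fp, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed vault export for the audit; not real credentials.
    vault = {
        "twitter": "Hunter2!Hunter2!",
        "corp-email": "Hunter2!Hunter2!",
        "bank": "Zq7#vLm9pR2wXt",
    }
    for name, pw in vault.items():
        print(name, password_issues(pw) or "ok")
    for names in find_reuse(vault).values():
        print("reused across:", ", ".join(sorted(names)))
```

The reuse audit is the piece most organizations skip: the Twitter takeovers mentioned above were largely a matter of credentials from earlier breaches being replayed elsewhere, and a vault-level audit is the only way to see that exposure before an attacker does.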
Control insider access: An insider attack at a software firm put the personal data of employees at 280 businesses at risk. "We are investigating unauthorized access to customer information using an internal login," explained a company statement. Solution: Organizations should take a more aggressive stance towards insider fraudsters with identity and access management and data loss prevention.
Carefully vet third parties: A major restaurant chain in the U.S. was the victim of malware compromising its third-party point of sale (POS) systems. Two different strains of malware were found, and more than 300 restaurants were compromised. Solution: Mitigate third-party risk with a multi-layered defence strategy, warns a securitymagazine.com post. Assess the vendor’s security standards, and consider creating a service-level agreement.
Better protect mobile devices: A data breach was reported by a healthcare group in the U.S. when an unencrypted laptop containing sensitive data on hundreds of thousands of patients was stolen. Solution: Use encryption on all mobile devices. Teach employees to be mindful of confidential information risks outside of the office. Never leave devices unattended. Take only the confidential information that is necessary out of the office. Securely destroy paper and digital information that is no longer needed.
Keep business data safe by putting all of the latest data security best practices in place.