By Limor Wainstein, Technical writer
Cybercrime is possibly the ideal crime: very profitable, scalable and relatively low risk. As our lives become more dependent on the online world, it is little wonder that cybercrime is escalating. 2018 saw many high-profile cybersecurity attacks. But giant corporations are not the only ones at risk. Mid-sized and small businesses can also be on the receiving end of cybercrime. Thus, it is essential to protect your business against potential data breaches.
Protection involves having an effective cybersecurity plan in place and keeping up to date with the latest cybersecurity threats and data breaches. On this page, you will learn about 9 tips to safeguard your business, along with 4 top data breaches that made headlines in 2018 and the lessons learned, so your business can stay well clear of a cybersecurity disaster in 2019.
Tools and Processes to Safeguard your Business from Cybersecurity Disaster
The world of online business offers the potential for growth and success; however, it can also be a breeding ground for security risks and scams. A single successful attack can gravely harm your business. It can also result in a financial loss for you and your customers, and damage your business’s name.
Let’s take a look at 9 tips your business can use to protect itself and its customers.
Tip #1 Back up your data
This can help you recover your data, or lessen the damage, in the event of a data breach. Your business should regularly back up sensitive data, from business plans and financial records to personal records and information of your customers. Portable devices must not remain connected to the computer and should be stored offsite.
Tip #2 Secure your devices and computer
Install security software on your business devices and computers. Make sure it includes anti-spyware, anti-virus, and anti-spam filters. Set up your security software to run updates automatically, to help protect against recent viruses and attacks.
Tip #3 Encrypt sensitive data
Encrypt your data when it travels online or is stored, to ensure that only approved users can access data.
Tip #4 Use a spam filter and install a firewall to safeguard your internal networks
Spam filters can help limit the number of spam and phishing emails your business gets. Set up a firewall on every portable business device. Ensure they are patched and updated to stop threats from entering your network.
Tip #5 Choose strong passwords and manage administrative passwords
Modify all default passwords. Change all your passwords to something that hackers can’t readily guess. An administrator’s account can potentially provide a hacker with access to your business’s network.
Tip #6 Use SIEM solutions
Security Information and Event Management (SIEM) solutions can assist your business’s security team. SIEM solutions can help your security team isolate threats in real time, manage incident response, conduct forensic investigations on security incidents, and create audits for the purpose of compliance.
Tip #8 Educate your staff
Train your staff to be safe online, and inform them of the threats they can meet online. Your staff plays a central role in keeping your business secure. They need to know about their computer privileges and responsibilities, and their level of network access.
Tip #9 Protect your customers
All businesses, irrespective of size, should protect their customer information database. Leaking sensitive customer information can have legal consequences and can damage the reputation of your business.
4 Top Data Breaches of 2018
It is important for your business to stay up to date with the latest security risks and scams. Let’s take a look at 4 data breaches that made headlines in 2018, and lessons learned.
- Exactis
In June 2018, it became common knowledge that Exactis had left its database vulnerable and open to the public, leaking the records of close to 340 million people. This impacted approximately 110 million businesses and 230 million US consumers. Exactis collects and compiles consumer and business data from individuals who use websites that employ cookies.
The leaked data included information such as home and email addresses, phone numbers, interests and details about individuals’ children. It may have also included information about people’s religions, pet details, and personal practices. Exactis is facing a first class-action lawsuit.
Lesson learned: Use of sensitive information should always follow a least-privilege approach. Individuals should always need authorized access to view such data.
- Facebook
In September 2018, Facebook discovered the largest breach it has experienced since its creation. This Facebook breach was carried out by taking advantage of multiple bugs related to its feature known as View As. The hackers capitalized on these vulnerabilities, and as a result, compromised the data of 50 million users. The hackers also accessed related platforms such as Airbnb, Instagram, and Spotify.
Lesson learned: Appreciate how addictive social media can be and safeguard your network endpoints. As there is a sizable overlap between business and personal devices, an endpoint breach will often allow a hacker to access your business’s information.
- Marriott International
Hackers gained access to the guest reservation database of Marriott and Starwood, accessing the sensitive data of around 500 million customers. This data included credit card numbers and expiry dates, bank details, passport details, personal information, and arrival-departure dates. In November 2018, individuals detected the breach. The hackers were able to leverage the insufficient security solution used by Marriott.
The data was encrypted; however, the hackers gained access to the decryption key. The users involved are now vulnerable to financial theft, identity theft, phishing and more.
Lesson learned: Organizations of this magnitude should have adequate security measures in place. This is not the first security breach faced by Marriott, so it is inexcusable that they did not invest in sufficient cybersecurity.
- Under Armour / MyFitnessPal App
In February 2018, unauthorized persons accessed the data of Under Armour’s MyFitnessPal App. This was one of the largest data breaches known in history. Hackers compromised data such as usernames, scrambled passwords, and email addresses. 150,000,000 app users were involved. Individuals unearthed the breach on March 25th and users were told to change their passwords four days later.
Because Under Armour hashed the passwords and processed users’ credit card information separately, the breach was not as disastrous as it could have been. Also, individuals identified the breach relatively quickly. The party behind the breach remains unknown.
Lesson learned: Mobile apps provide the potential for a sizable user base. So it is the role of the developer to ensure they are hashing email addresses and passwords, to protect against potential cybersecurity incidents.
Every business, regardless of its size, must ensure that its customer and user data is secure. While giant companies may be able to recover from lapses in cybersecurity and data breaches because of their infrastructural, legal and financial might, a smaller business may not be able to rally, as smaller players typically find it difficult to regain customer trust and lack the resources to fight class suits and litigation battles. It is always advisable to invest in a reliable, proactive cybersecurity approach. As they say, it’s better to be safe than sorry.
About the Author
Limor is a technical writer and editor at Agile SEO, a boutique digital marketing agency focused on technology and SaaS markets. She has over 10 years’ experience writing technical articles and documentation for various audiences, including technical on-site content, software documentation, and dev guides. She specializes in big data analytics, computer/network security, middleware, software development, and APIs.