2019 was not a good year for data breaches. In fact, research firm Risk Based Security called 2019 "the worst year on record" for breaches, with over 5,100 breaches in the first nine months of the year alone exposing 7.9 billion records. This number represented a 33% increase from the same time period in 2018.
One might think we've used our knowledge of previous cybersecurity attacks to better understand how to prevent a data breach, but this, unfortunately, is not the case. In the first quarter of 2020, data breaches exposed records at a rate increase of 273% over last year. Big names like Twitter, Marriott (who also experienced a major breach in September 2018), MGM and Zoom all became victims of data breaches earlier this year. And, hackers have used the COVID-19 to their advantage with social engineering scams rising during the pandemic.
Companies have grown more aware of the various types of data breaches and their impact on their brand, reputation and customer loyalty, not to mention the costs involved to properly notify all parties of the breach. It's more important than ever that all businesses understand how to recognize the early warning signs of a data breach, the steps they can take to help prevent them, and how to protect themselves from certain lossesincurred from a cyberattack.
How to Recognize a Data Breach
First and foremost, businesses of all sizes need to stay informed. This means learning about the different types of cybersecurity attacksthey may be vulnerable to, such as phishing scams, social engineering andransomware, and providing robust employee training to help avoid them.
Additionally, some of the warning signs to watch for that can help you detect a data breach early include:
Unusual Behavior: If a program acts up, it could simply be a software or hardware malfunction, but it could be something much worse. Check the system for other irregularities.
Suspicious Files: If malware is detected or a user reports opening a suspicious file, don't take any chances. Assume that the malware has infected something, and don't stop investigating until you find out what, if anything, was breached.
Compromised System Communications: Regularly review communication patterns on the network. If an employee's computer is accessing other workstations or transmitting large amounts of data to somewhere outside of the network, this could be a sign of a compromise.
Outdated Security Programs: Keep anti-virus and anti-malware programs up-to-date. Also, run vulnerability programs, such as Microsoft Baseline Security Analyzer, to look for missing patches and other security risks.
Changes in Credit Ratings: Customer information isn't the only confidential data on the server. Chances are, there's plenty of information about your own company, too. Changes in your credit rating could be an indication of fraud and a sign of a data breach.
How to Prevent Data Breaches
Now that you understand the warning signs of a data breach, the next step is to understand some of the security measures your business can take to prevent them. In the spirit of National Cybersecurity Awareness Month, here are some data breach prevention tips to keep in mind throughout the year.
Data Breach Prevention Tip #1: Set Security Protocols on Company Premises
Security protocols should include the cybersecurity policies and procedures needed to help keep sensitive company information safe. Creating protocols is one of the best ways to help prevent data theft by ensuring unauthorized personnel do not have access to data. Only authorized employees should be allowed to view sensitive information. Businesses should have a clear understanding of the data that could become compromised to mitigate the risk of a cybersecurity attack.
Data Breach Prevention Tip #2: Understand How to Classify Data
Classifying data within an organization helps businesses understand what level of protection it requires. All data can pose a risk to a business. Use the "5 Ws" questions - what, who, where, when and why - used by journalism professionals or police investigators to fully understand the complete story of the type of data that needs safeguarding.
Data Breach Prevention Tip #3: Keep Data Safeguarded
Many data breaches result from employee error, so ensure all employees are well-trainedon how to keep sensitive information protected. Employees should only have access to the information vital to their particular roles within the company. Additionally, consider records retention programs requiring employees to purge files both on their computers and any hard copies they keep (according to the program), destroying the information properly. This means using special software designed to wipe the hard drive or regularly shredding paper files.
Data Breach Prevention Tip #4: Implement Password Protection
One of the best things a small business can do to stay protected from a data breach is to utilize strong passwords for every site accessed daily. Tips for creating strong passwordsinclude creating unique passwords for different accounts and using a mix of letters, numbers and symbols. Additionally, passwords should never be shared amongst employees or kept written down where others can see them.
Data Breach Prevention Tip #5: Update Security Software Regularly
Companies should utilize firewalls, anti-virus software and anti-spyware programs to ensure that hackers cannot easily access sensitive data. However, these security programs also require regular updates to keep them free from vulnerabilities, so make sure to check any software vendors' websites to learn about upcoming security patches and other updates.
National Cybersecurity Awareness Month: If You Connect it, Protect it
National Cybersecurity Awareness Month (NCSAM) kicked off its 17th year this October to ensure every American understands the importance of cybersecurity This year's theme is "If you connect it, protect it," serving as a reminder that everyone, from individuals to large corporations, must do their part to keep our interconnected world safe and resilient.
Enter your email address below and we will send you a link to reset your password.
Disclaimer: WorkersCompensation.com publishes independently generated writings from a variety of workers' compensation industry stakeholders. The opinions expressed are solely those of the author and do not necessarily reflect those of WorkersCompensation.com.