With hackers and spammers becoming more sophisticated, companies are at greater risk for data breaches. Recent statistics show 43 percent of companies experienced a data breach in the past year. Big or small, company owners are in the position to learn from high-profile breaches and make the necessary adjustments to protect the lifeline of their business.
Several high-profile breaches impacted companies across the country in the last few years. The influx of this crime shows how vulnerable even major corporations are to these kind of attacks.
Target: At the end of 2013, Target, experienced an expansive breach between November 27 and December 15 — one of the busiest shopping times of the year. More than 40 million debit and credit cards were compromised by retrieving data stored on magnetic strips. Criminals had access to names, account numbers and three digit security codes to make it possible to withdraw money from ATM machines and make fraudulent purchases.
Home Depot: In Home Depot’s security breach, 53 million email addresses were compromised. In addition, 56 million credit and debt card numbers were stolen. Hackers used custom-built malware to target the computer network to obtain this information.
Sony: Savvy not only leaked five previously unreleased movies online, but also managed to access Social Security numbers of more than 15,000 employees. These stolen numbers appeared more than 1.1 million times across various publicly posted sites across the Web.
JP Morgan Chase: The country’s largest bank in terms of assets became the target of thieves in 2014. More than 76 million households and seven million businesses were impacted by this breach. As a result, thieves obtained names, addresses, account numbers and email information.
Detecting & Responding to Breaches
Given the widespread issue with data security breaches, companies must have a system to respond quickly should data be compromised. Recent data indicates 31 percent of small businesses have no plans in place to respond to a breach and more than 20 percent don’t know where to start should data be compromised. In addition, some businesses assume they are protected without verifying if this is the case and others assume a general liability insurance will cover any losses. Companies don’t invest in the right software to protect themselves from the variety of cyber attacks that may include advanced persistent threats, malware, phishing or password breaches. It is important to devise a plan to respond to every type of threat.
How Businesses Protect Themselves
What should businesses implement to prevent a breach from occurring?
1) Practice (run a drill) on your response plan: Companies should run a mock drill on how to respond prior to a breach happening. Becoming familiar with the plan of action will help minimize damage from a potential breach.
2) Educate staff members on the perils of a breach: Teach your staff the warning signs of a company breach. It is also a good idea for your employees to recognize if their personal data is compromised. LifeLock is a great resource for individuals to consult should a breach occur on their personal data.
3) Update your software: The worst thing to do is to wait on a relevant and crucial software update. Hackers look for these kind of holes and are ready to attack if they determine there is a lapse.
4) Implement security policies: Frequently update passwords with strong combinations. Company devices used outside of the office should be accessed over a network employees trust. In response to cyber attacks, Target changed more than 400,000 passwords to prevent another breach. Sony also reissued new computers to employees after the breach occurred on their network.
5) Invest in cyber insurance: To minimize collateral damage, companies should invest in an insurance policy to cover the losses from a breach. Equipping yourself with this insurance will aid in helping your company bounce back quicker from a breach.