What to Do During a Data Breach
In the business world, a data breach is an unauthorized or unwanted entry into a computer system that allows cyber hackers to access customer data such as passwords, credit card information, Social Security numbers, banking information or even medical information. Data breaches are not only a costly expense, but they can do irreversible damage to a businesses’ reputation.
We are all familiar with computer hacks and cybercriminals, but some may not be familiar with the tools and expertise to deal with these breaches while they’re happening. While some cybersecurity issues should fall to IT professionals, there are tasks that individuals and team members can do during a data breach.
Data Breach Basics
Globally, data breaches cost companies an average of $3.86 million, according to a study by the Ponemon Institute. This means that at $148 on average per stolen record, online crime is a real threat to anyone!
Hackers seek personally identifiable information to steal money, compromise identities, or sell personal information over the dark web. Data breaches can occur for a number of reasons, but targeted attacks are typically carried out in these four ways:
Vulnerable systems. Out-of-date software can create a hole that allows an attacker to sneak malware onto a computer and steal data.
Weak passwords. Weak and insecure user passwords are easier for hackers to guess, especially if a password contains whole words or phrases. Experts advise against simple passwords, and in favor of unique, complex passwords.
Drive-by downloads. Unintentional virus or malware downloads can happen by simply visiting a compromised webpage. A drive-by download will typically take advantage of a browser, application, or operating system that is out of date or has a security flaw.
Targeted malware attacks. Attackers use spam and phishing email tactics to try to trick the user into revealing user credentials, downloading malware attachments, or directing users to vulnerable websites. Email is a common way for malware to end up on computers.
Help! My Data is Being Breached!
Although a data breach may not feel like a physical attack, there are some tasks that can help during a cyber hack. Of course, the best way to prevent cybercrime is during prevention, mitigating the effects of a data breach can save data, time and money.
Assess the situation. Is this a real attack or just a technical malfunction? Contact those in the organization that can identify the source and destination of the compromise. Is it a virus, a worm or is it someone not authorized to access particular information? Look at logs for anomalies and have them ready for review.
Minimize the damage. This could include using firewall rules to block the offending traffic, notifying your ISP to block the offender further upstream and blocking or monitoring the intruder’s activity. Also, consider taking your entire system offline to mitigate the possibility of the threat spreading deeper.
Get your backups ready. Depending on the type of data breach, it may be necessary to do a restore from a backup. The quality and thoroughness of the data restored is only as good as the backup system used.
Notify authorities. Bring the incident to the attention of law enforcement, industry associations, company personnel and any potential victims that may be affected by the attack. These notifications may prevent others from propagating the damage done by the attack. Failure to notify these potential victims could lead to unwanted legal action.
Data Breach Prevention
An ounce of prevention is worth a pound of cure as the saying goes. Nothing could be truer than having the right systems and technology in place to stop a data breach before it happens. As noted above, an experienced and skilled IT professional should have a system ready for a cyber attack. But there are a few things that team members can do as well.
Secure your phone. Texting and messaging on unsecured smartphones or without a specific encryption program can lead to data breaches. For those in healthcare or other industries with critical security needs, consider encryption technology to prevent mobile data from being stolen.
Use strong, secure passwords. Use complex and unique passwords for all internal and external accounts. Lock cell phones with passcodes, especially those transmitting sensitive data. There are password management programs that can make this task easier to manage.
Monitor your bank and other financial accounts. Check your accounts on a regular basis for unfamiliar activity. And if the companies offer activity alerts via text or email, it may make sense to sign up for them.
Use only secure URLs. Reputable sites begin with https://. The “s” is key. This is especially important when entering credit card or other personal information.
Implement high-quality security software. Install and use a software suite that includes malware and virus protection — and always keep it updated.
Avoid oversharing on social media. Never post anything pertaining to sensitive information and adjust your settings to make your profiles private. While you’re at it, hold off sharing vacation pics on social media while you’re still on vacation. That tells everyone your house may be sitting empty, a perfect target for burglary.
Don’t be a Victim of a Data Breach
Cyber attacks take place every day all over the world. As with most criminals, hackers look for the vulnerable and weak to exploit. Having a cybersecurity plan and using some common sense can prevent the likelihood of suffering a data breach.