By Security Features • July 16, 2019

How Small Mistakes Lead to Major Data Breaches

We keep seeing similar headlines over and over: “Expert Reveals Data Breach Could Have Been Easily Prevented”. That is often the case. The smallest mistakes can leave companies vulnerable to cyber attacks.

Four out of five of the top causes of data breaches are down to human or process error. In other words, human mistakes that could’ve been remedied with cybersecurity training or more careful consideration of security practices.
So, what are the types of misdemeanours that lead to major data breaches? And what can you do differently to reduce the risk of it happening to you?

Failure to update software
Software may have technical vulnerabilities which hackers can use to access your systems. When software creators locate these vulnerabilities they release patches to fix them. These patches come in the form of simple updates.

You have probably heard about the notorious Equifax breach, which compromised millions of records. It was later revealed that hackers broke in through a patchable vulnerability.

This should be a lesson. You must update all software and servers regularly. As soon as hackers learn of a vulnerability they actually seek out companies who may not have updated their software yet.

Weak or stolen passwords
You’d think that people would realize the importance of strong passwords by now. But, surprisingly, weak or stolen passwords are still a common cause of data breaches.

Network security company WatchGuard attempted to crack over 355,000 government and military passwords as part of an investigation. Astonishingly, they managed to crack 50% within just two days. Some of the most common passwords they found were “123456” and “password”.

Hence, you and your colleagues need to create strong, unique passwords for every one of your accounts. Passwords should never be written down anywhere either. For an extra layer of protection, you may wish to use a VPN to encrypt the data you send online.

Unattended and unsecured devices
Companies use numerous devices which either store data or can be used to access data. This includes items such as laptops and tablets, as well as storage devices such as external hard drives and flash drives. If a malicious individual steals or gets the chance to access such an item, it could be dangerous.

To give you a real-world example, an employee of private medical center Cancer Care Group made the mistake of leaving backup media with his laptop in his car. When it was stolen, thousands of patients’ private information was compromised.

The moral of the story is: don’t leave important devices lying around. Also, ensure that all devices are secured with encryption.

Inadvertently sharing information
Criminals go to great lengths to trick people into thinking that they are a legitimate member of a company or organization. They send phishing emails claiming to be a colleague to encourage employees to share private information, such as login credentials.

This type of attack hit 144 US universities last year. Cybercriminals used a sophisticated phishing campaign targeted at professors which made them think they had accidentally logged out of their university accounts and must re-enter their details. This led to hackers stealing over 31 terabytes of information.

The above example proves the need for all employees to be vigilant and to check the credentials of anybody who tries to contact them through email or otherwise. We must also continue to educate ourselves on new threats as they arise.

Malicious downloads
There are several types of malware that can infect computers, and hackers are coming up with new forms every day. There are also many ways it can be planted: through a software vulnerability, for example, or when an employee clicks a malicious link.

One serious data breach involved hackers sending a phishing email to four employees of RSA Security. It contained a malicious attachment that, once clicked, infected systems with malware. This created a backdoor to millions of employee records.

It’s pretty shocking that even a security firm can be breached in this way. And it was all down to one little mistake. The solution for your business is to create a cyberculture, in which everybody understands cyber risks. Furthermore, install the appropriate antivirus software.

Everybody makes mistakes. If security firms and intelligent people like professors can make small mistakes that lead to devastating data breaches, then so can you. It’s your job to limit those mistakes by implementing the right cybersecurity measures.

 

Read the original post at CPO Magazine, written by Matt Powell