Our partners at ID Agent have reviewed some of the biggest data breaches of 2019 to illustrate the cost of lax security, sloppy data handling, and human error, and to provide you with insight into how they could have been avoided. Here are three key lessons to learn from their research. Fixing these mistakes now will make sure that you’re ready to defend against tomorrow’s threats.
It’s Easy to be Fooled by Spear Phishing
Cybercriminals love using targeted phishing attacks, delivered via well-crafted fake emails from official-looking addresses. That’s exactly what happened to nine staffers at the Oregon Department of Human Services. A spear phishing attack convinced them to provide their login credentials to the attackers. In the three weeks it took to detect the intrusion, 625,000 patient records and 2.5 million emails were compromised.
The lesson? Human error is the number one cause of cybersecurity incidents, and phishing attacks are the number one cause of a breach. Never stop testing and training your staff!
Keep Your Enemies Close
When your essential information ends up on the Dark Web, it can be used in many more ways than you might think. Personal details like usernames, locations, and old passwords enable cybercriminals to attack companies in a variety of ways, including credential stuffing. That’s what happened to Dunkin Donuts. Using credential stuffing, bad actors were able to breach their data and gain access to thousands of customer accounts.
The lesson? Thousands of passwords hit the Dark Web every day, and password lists are cheap. You don’t even have to suffer a breach yourself to be in danger of one, because another company’s lax security can put you at risk. Stolen data from any source can become a data breach for your company. Add a solution like Dark Web ID to monitor the Dark Web for suspicious activity 24/7/365, so your company knows when employee or customer passwords or data are compromised and can take action sooner.
Cover All Your Bases
Of course, the fastest way to get your data stolen is to not secure it at all. Companies of every size make this crucial mistake, and it’s always costly. Verifications.io, an email validation service, stored the personally identifiable data of millions of users in a database that wasn’t even password protected. Over 2 million people had their information exposed in that breach, ready to be sold or traded on the Dark Web.
The lesson? Laziness always comes back to bite you later. It pays to pay attention to detail and to enforce proper data handling and storage procedures constantly, because sloppy data handling is a fast road to a costly and troublesome breach. Search out simple vulnerabilities like this and make sure that you’re using a digital risk protection platform that is up to the challenge of securing today’s remote workforce.
Contact us today to make an appointment for a FREE personalized demonstration of Dark Web ID, including a real-time Dark Web search to show you your business’s risks, and information on how we can help you mitigate them!
Article used with permission from ID Agent