Has Your Data Been Accessed? Yes It Has

November 23, 2016

If you think you haven't been the victim of a data breach, you are probably wrong. In fact, some experts think that more identities of those in the United States have been compromised than have not. It has reached the point where cyber criminals may now know more about us than the companies with which we do business. In addition, Symantec reported that in 2015, tens of millions of additional personal records were stolen by or exposed to cyber criminals without being reported. This is an 85% increase over the previous year. Security experts find this to be quite a disturbing trend.

Large companies that are targeted will likely be targeted multiple times in 2016. There are a few tips that both individuals and businesses can consider to help lower the risk.

For Individuals:

  • Use strong passwords that are at least eight characters and contain upper and lower case letters, numbers, and special characters. Use a unique password for each online account and change each one every three months if possible.
  • Be certain that any links or attachments clicked are safe. Confirm those that are unexpected before taking any action to view them.
  • Use anti-virus and anti-malware software on all devices. Keep it updated at all times. Make sure that all software products are kept up-to-date with the most current security and critical patches and that firmware is updated as well.
  • When deciding on what software or apps to use, do the research on the products. Read the reviews and make sure they are from reputable companies. Don’t be afraid to pay for them and be wary of freebies. Those should be researched even more thoroughly. When downloading apps, use the official app stores for your devices. Sideloading adds additional risk.
  • Limit what information you put on social media or disclose to anyone. The more you share publicly (even if it’s just to your friends, it’s still technically public), the more it may be used against you. This is particularly important on professional networking sites where you list your job title and function. Scammers often use that for business email compromise (BEC) scams.

For Businesses:

  • Implement multi-layer security including firewalls, reputation-based technologies, multi-factor authentication, and strong password policies.
  • Create an incident response plan (IRP). Practice what is included and review it annually and when response team members change or their information changes.
  • Provide ongoing training and education on security practices, procedures, and threat prevention. Make sure to include training on what sensitive data is, how to protect it, and what to do if a compromise occurs. Then make sure to test your users and address weaknesses appropriately.

Contributing to all the data exposure were several large breaches, including Anthem (80 million), Premera Blue Cross (11 million), Avid Life Media (37 million), and the OPM breach (21.5 million at last count).

© Copyright 2016 Stickley on Security