Data breaches seem to happening left and right these days, and companies of all different types and sizes are getting targeted. Has there been some sort of uprising of cybercriminals or are these companies just being careless? Let’s take a look at some of the reasons these data breaches occur.
Typically when you think of data breach, you think of a malicious cyber-attack. There’s no one reason why hackers do what they do. Sometimes they are after your banking information or intellectual property for financial gain. Other times they are just having fun or trying to prove a point, disrupting your business in the process. For these reasons, there doesn’t seem to be any single type of company that gets targeted, anyone can become the victim of a cyber-attack.
Hacking methods are becoming more advanced, and every year there are new ways to use software vulnerabilities to gain access to your information. Just recently Mozilla’s Firefox had to go through a significant update to protect its users from a vulnerability that could allow files to be stolen from their computers. Make sure that your software and web browsers are always up to date and be aware of malware that will try to circumnavigate your security controls through spyware, backdoor access points, etc.
Loss or Theft of a Device
This one of the simplest ways a data breach occurs. Someone in your organization drops a flash drive at a conference, misplaces an external hard drive in a move, or leaves a laptop behind in a taxi. Even worse is when that device is actually known to have been stolen and your company’s data is in the wrong hands. You don’t know what the thief’s intentions are and if they have plans for that data.
The worst part about a lost or stolen device is trying to figure out exactly what kind of information was on the device. The device is now out of your control and several different types and pieces of data could potentially be exposed.
While we do our best to avoid these situations, sometimes things happen. Consider implementing a BYOD policy for your organization, and keep regular backups of all your devices to help mitigate data loss.
Weak Security Controls
Having weak security seems like an obvious way to become the next victim of a cyber-attack, yet this is still a common cause of data breaches. This doesn’t mean you need to rush out today and invest in the latest, state of the art, impenetrable network security. The strongest security infrastructure won’t be effective if you don’t have the right security controls in place.
Most of the time, becoming more secure is as simple as having stronger passwords or multifactor authentication. According to Verizon’s “2015 Data Breach Investigations Report”, 76% of network intrusions were a result of weak credentials. Hackers would guess passwords, use specific tools to crack passwords, or try passwords used on other sites. Passwords were also stolen using malware or phishing attacks.
However, even with strong credential systems, companies can leave their information vulnerable if they are mismanaging access controls. Often times, employees are able to view and transport information they don’t need access to, which increases the chances of that information getting leaked. Those odds get stacked when that information is also readily accessible on mobile devices that can be easily lost or stolen, as I mentioned above.
Could you be next?
Do you think your organization is at risk of experiencing a document security breach? Use our risk grader to quickly assess your company’s risk and see what you can do to secure your information.