A data breach, whether that of a personal computer or a company system, can be a scary thing. While personal computers often contain the information of an individual, work computers and company systems can include private information of multiple colleagues and customers, so a breach of these systems can potentially affect dozens or hundreds of people. As such, it is important to keep this information as safe and secure as possible.
So, how do you spot a data breach and what steps can be taken to prevent it from happening in the first place?
How to detect a breach
Breaches can be difficult to spot, and it can often take companies a significant amount of time after the fact to realize they have been compromised. In fact, according to the Ponemon Institute Cost of a Data Breach study conducted in 2017, breaches that involve privilege misuse, cyber-espionage, and POS intrusions take on average 191 days to be discovered.
Time is of the essence with breaches, as much of the data is taken in the first few hours of the attack. Some indicators that your system has been compromised can include unexpected restarts, unusual and unexplained login times, and slower operating speeds. If these symptoms are noticed, it can be worth employing a cybersecurity professional who will be able to confirm or deny if a breach has occurred.
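Two of the indicators above, unusual login times and unexpected restarts, can be checked mechanically. The following is an added example, not part of the original article: it assumes a constructed, simplified event format (the LOGIN/BOOT/SHUTDOWN lines and the planned=yes field are made up for illustration, not a real log format) and flags logins outside each user's usual hours and restarts with no planned shutdown before them.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events in an assumed format: "<ISO time> <EVENT> key=value ..."
BASELINE = """\
2024-03-04T08:58:10 LOGIN user=alice
2024-03-05T09:03:41 LOGIN user=alice
2024-03-06T09:10:02 LOGIN user=alice
"""
RECENT = """\
2024-03-11T09:01:33 LOGIN user=alice
2024-03-12T02:47:19 LOGIN user=alice
2024-03-12T02:55:00 BOOT
2024-03-13T18:00:00 SHUTDOWN planned=yes
2024-03-13T18:02:10 BOOT
2024-03-14T03:15:00 LOGIN user=carol
"""

def parse(text):
    """Yield (timestamp, event, fields) for each non-blank line."""
    for line in filter(str.strip, text.splitlines()):
        ts, event, *rest = line.split()
        yield datetime.fromisoformat(ts), event, dict(kv.split("=", 1) for kv in rest)

def usual_hours(baseline, slack=1):
    """Per-user set of login hours seen in the baseline, widened by `slack` hours."""
    hours = defaultdict(set)
    for ts, event, f in parse(baseline):
        if event == "LOGIN":
            hours[f["user"]].update((ts.hour + d) % 24 for d in range(-slack, slack + 1))
    return hours

def find_anomalies(baseline, recent):
    """Return findings for off-pattern logins and restarts with no planned shutdown."""
    hours, findings, planned = usual_hours(baseline), [], False
    for ts, event, f in parse(recent):
        if event == "LOGIN" and ts.hour not in hours.get(f["user"], set()):
            # Accounts with no history are reported separately from off-hours logins.
            kind = "unusual_login_time" if f["user"] in hours else "login_no_baseline"
            findings.append((kind, f["user"], ts.isoformat()))
        elif event == "SHUTDOWN":
            planned = f.get("planned") == "yes"
        elif event == "BOOT":
            if not planned:
                findings.append(("unexpected_restart", "-", ts.isoformat()))
            planned = False  # a planned shutdown only excuses the next boot
    return findings

if __name__ == "__main__":
    print(*find_anomalies(BASELINE, RECENT), sep="\n")
```

A finding here is a prompt for review, not proof of compromise; the one-hour slack and the baseline period are tuning choices.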
One of the best ways to ensure your company can detect any possible data breaches is to outsource and bring in cybersecurity professionals who are capable of detecting a breach and minimizing the damage that can occur from one.
How to prevent a data breach
According to many IT professionals, a company experiencing a data breach is a matter of when, rather than if. That said, it is still good practice to keep systems as safe and secure as possible. Many methods can be incorporated to boost security, including the following:
Bring in cybersecurity experts
Knowing who to contact in the case of a data breach is a good step, particularly as time is of the essence with these types of breaches. Cybersecurity professionals are often also trained in security methods such as ethical hacking. Ethical hacking (also referred to as penetration testing) refers to a security professional gaining approval from the company that hires them to simulate a cyber attack on a system to find any areas of weakness within it. Upon a successful test, the security company then shares its findings with the client and addresses ways in which the security can be improved.
Ensure staff use secure, unique passwords and change them regularly
Reusing a password across multiple logins makes it easier for someone to gain access to your accounts: if they crack the password for one login, they can then use it for the others. Making sure the passwords used are secure is also important. Generally, a strong password contains letters (both lowercase and uppercase), numbers and symbols, arranged in a randomized order, with no dictionary words.
Use two-factor authentication (TFA)
Setting up TFA (2FA) for logins and system access can be beneficial, as it requires a user to enter a password, plus a code sent to their mobile phone. The more forms of security required to gain access to an account, the safer it should theoretically be.
Keep security software updated
Running security software on a system and ensuring it’s kept updated can help limit the ability of hackers to gain access to a system. Often, security software updates include patches which reduce the weak spots and vulnerabilities exposed in the software.
Ensure staff are trained in detecting phishing
Many data breaches occur through the use of phishing. Phishing refers to the act of sending emails to recipients, claiming to be reputable individuals or organizations, in an attempt to get the recipients to reveal personal information. According to the 2018 Verizon Data Breach Investigations Report (DBIR), 93 percent of all investigated breaches stemmed from financial pretexting and phishing. The report also found that 4 percent of individuals will click on a phishing campaign. One way to attempt to improve these statistics in an organization is through education and in-house testing.
Michael Kenney, the Vice President of multifamily operational risk for Freddie Mac Multifamily, says training and testing help keep staff at Freddie Mac aware of possible dangers.
“We have training. We have tested. Our information security folks will perform phishing operations on our employees. If you get caught, you go into training. And you will get tested again,” he says.
While data breaches aren’t always preventable, ensuring security practices are in place can be a positive step in boosting a company’s safety (and, by extension, profits). Education of employees in creating secure, unique passwords, adopting two-factor authentication where possible, and identifying phishing attempts should not be neglected. Keeping security software up to date and bringing in experts to employ methods such as ethical hacking can also be extremely beneficial in increasing the security of an organization’s systems and protecting the information of its employees and customers alike.