Today, data breaches and leaks are increasingly common. This year alone, the number of data breaches recorded has almost doubled, compared to last year, with 3,950 confirmed breaches so far in 2020. These breaches can affect companies and organizations ranging all the way from SMEs (small and medium-sized enterprises) to giant corporations with millions of customer records on file.
The impact of data breaches or leaks (or, as it should be known, data theft) can be extremely serious and damaging — which is exactly why proper cyber security is essential. The typical data breach costs companies upwards of $3.8 million, while also severely denting customer trust and encouraging additional regulatory scrutiny in the future.
Things could be about to get a lot worse, too. As a result of the current coronavirus pandemic, workforces have been working remotely, requiring companies and organizations to rapidly adapt in order to make this kind of workflow possible. This pivot brings new challenges when it comes to protecting against data breaches.
Practice good cyber security hygiene
Data breaches may be the result of malicious actions carried out by attackers or human error on the part of those who work for companies. (Or sometimes a combination of both.) In some instances, databases can be left open, while in others social engineering tactics are used to persuade individuals to erroneously hand over crucial identifying information by posing as legitimate sources.
Even the cyber security industry isn’t beyond reproach when it comes to practicing proper cyber security hygiene. For example, a report published this year suggests that 97 percent of current leading cyber security companies have experienced data leaks and related cyber security incidents that have left them exposed on the Dark Web. In some cases, professional email addresses have been used for logins on pornography and dating websites, with thousands of these stolen credentials then made available for hackers to use. Furthermore, even cyber security experts sometimes employ weak passwords that are routinely reused, including passwords with under eight characters, no special characters, and no capital letters. These include passwords such as “password” and “123456.” They may also employ outdated software without the proper Web Application Firewall (WAF) technology, among other glaring faults.
In short, even among seemingly genuine cyber security companies, there are vulnerabilities and problems — and these are from alleged experts who should know what they are doing. If that is the case, what hope do less informed companies have when it comes to protecting themselves?
Take the proper precautions
More than ever, it’s absolutely crucial that companies take proper precautions when it comes to cyber security measures. The risks of not doing so are simply too great to contemplate. Fortunately, there are steps that can be taken to greatly improve cyber security efforts. Perhaps the most important of these is also the most straightforward: Use strong password policies for all employees. This means avoiding the obvious passwords, including ones that you’ve been reusing on multiple websites for years. These may have already been breached in previous hacks and may be available for sale on the Dark Web.
Even if you are using a new password, simple passwords can be cracked by hackers using brute force tools to guess millions or billions of attempted passwords every single second. When it comes to passwords, the longer and more complicated the password, the better. These have a much better chance of avoiding being guessed in brute force attacks. They may take a bit longer to type when you need to enter them, but the extra time is more than worth the effort.
Companies should additionally make sure that they implement limits to the number of times passwords may be incorrectly entered. Giving employees a limited number of guesses before locking them out for a certain length of time can help reduce the effectiveness of brute force attacks that guess large numbers of passwords quickly.
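The attempt limit described above can be sketched as follows. This is an added example, not code from the article; the class and function names, the five-attempt threshold and the 15-minute lockout are assumptions chosen for illustration.

```python
import hmac
import time

class LoginThrottle:
    """Temporary per-account lockout after too many consecutive failed logins."""

    def __init__(self, max_attempts=5, lockout_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = {}      # username -> consecutive failed attempts
        self._locked_until = {}  # username -> clock value at which the lockout ends

    def seconds_locked(self, username):
        """Remaining lockout in seconds; 0 means the account may try again."""
        return max(0, self._locked_until.get(username, 0) - self.clock())

    def attempt(self, username, password, verify):
        """Return 'ok', 'denied' or 'locked'; verify(username, password) -> bool."""
        if self.seconds_locked(username) > 0:
            return "locked"  # rejected without checking the password at all
        if verify(username, password):
            self._failures.pop(username, None)  # success resets the counter
            return "ok"
        count = self._failures.get(username, 0) + 1
        if count >= self.max_attempts:
            self._locked_until[username] = self.clock() + self.lockout_seconds
            count = 0  # fresh allowance once the lockout expires
        self._failures[username] = count
        return "denied"

def guesses_per_day(max_attempts, lockout_seconds):
    """Upper bound on online guesses against one account in 24 hours."""
    return max_attempts * -(-86400 // lockout_seconds)  # ceiling division

def demo():
    """Constructed scenario: seven wrong guesses, then the right password."""
    now = [0.0]  # fake clock so the example runs instantly
    store = {"alice": "correct horse battery staple"}  # constructed; real systems store hashes
    verify = lambda u, p: hmac.compare_digest(store.get(u, ""), p)
    throttle = LoginThrottle(5, 900, clock=lambda: now[0])
    results = [throttle.attempt("alice", f"guess{i}", verify) for i in range(7)]
    results.append(throttle.attempt("alice", store["alice"], verify))  # still locked
    now[0] += 900  # lockout period elapses
    results.append(throttle.attempt("alice", store["alice"], verify))
    return results

if __name__ == "__main__":
    print(demo(), guesses_per_day(5, 900))
```

Because the lockout is temporary, a legitimate user regains access once it expires, while an automated guesser is held to a few hundred attempts per account per day.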
Proper cyber security is a must
It’s also a great idea to employ multi-factor authentication (MFA), which requires users to present two or more pieces of evidence to prove their identity. That is typically a piece of knowledge (such as a known password), combined with a possession (for example, a phone to which a code is texted) or a piece of biometric data like a fingerprint. This will help safeguard against potential data breaches.
While we mentioned earlier that cyber security experts aren’t always infallible, that doesn’t mean it’s not worth bringing the right ones on board to help you. Cyber security systems can help add data security solutions for databases, assisting you in discovering vulnerabilities you may not be aware of so you can take action, detecting when certain data is accessed and by whom, and more. As ever, make sure that you do your due diligence when it comes to choosing the right cyber security experts to help.
Proper cyber security is no longer an optional extra. It’s a “must” for any modern business or organization that doesn’t want to run the risk of a data breach. Fortunately, while there are hackers out there who are looking for any opportunity they can find to hurt innocent victims, the tools are also out there to help victims fight back.