Same Problem, Different Landscape
Reading about data breaches on paper never does the concept justice. Hearing that data breaches in 2017 were – and continue to be – “big problems” for all types of organizations can desensitize us to the true implications of a data breach event.
The inevitability of data breaches can leave companies feeling defeated, and the monetary losses tied to these security incidents only add to the damage. Throw in complaints from unhappy customers or clients about the protection of their sensitive information, the legal consequences and the hits to your business’s public reputation – and you’ve got yourself a perfect data breach storm.
The truth is that a data breach will impact more than just the business itself. It affects customers, clients, employees and vendors too. Let’s review some of the data breaches that occurred in 2017, see what we can learn from the mistakes that were made and improve overall data breach prevention and response in the new year.
Data Breaches in 2017: The Bad, The Ugly, The Unbearable
Two major discussions surrounding data breaches came to light after a few notable data breach events. Experts homed in on companies’ failure to disclose data breach events, as well as on breaches caused by mistakes made in handling sensitive data.
Uber: Breach Notification Violations Do Have Consequences
Uber’s 2017 data breach highlighted the consequences that a company faces when a data breach event is not properly handled. When the breach first occurred in October 2016, the company responded by paying hackers $100,000 to delete the stolen information and keep quiet about the breach.
Spoiler Alert: No, the hackers did not hold up their end of the deal.
Unfortunately, the breach affecting 57 million users and drivers was officially confirmed a year later, and the company has been fined for violating multiple breach notification laws.
Equifax & Alteryx: Small Oversights Lead to Big Breaches
The Equifax and Alteryx breaches grabbed the attention of media outlets, bloggers, security experts, social media users and more. These were arguably the two most prominent data breaches in 2017, and both companies were breached due to small oversights in cloud configuration and software patching.
We want to believe that hackers stormed these companies’ walls by brute force. But the reality is that these companies simply left some back doors open. Hackers gained access to Equifax’s sensitive customer files – exposing 145.5 million U.S. consumers – by exploiting a security vulnerability in one of its online applications.
The Alteryx data breach, on the other hand, was caused by a mistake in cloud configuration. The personal and behavioral information of 123 million American households was exposed after the files were uploaded to the cloud database without the proper security settings in place.
Data Breaches in 2018
The world’s attention is homing in on data breaches and cybersecurity incidents. Big-name and small companies alike are making headlines, sparking discussions about proper data handling, and even pushing for changes to security and privacy regulations.
The unfortunate truth is that data breaches are here to stay. Since 2015, the number of data breach events per year has increased more than 70 percent – and experts predict that number will only continue to rise.
Owners and their organizations were dragged to the front lines after major data breaches in 2017. Today’s world has shifted the question surrounding data breaches from “Will my company have a data breach?” to “What will I do once my business has been breached?” As such, it’s imperative that you and your business are prepared for any privacy and/or cybersecurity issues that may arise.
Research & Prepare: Your Data Breach Defense
You and your business must work quickly and diligently to address and resolve a breach event once it has occurred. But implementing preventative measures and preparing for the worst are the most effective defenses against data breaches and other cybersecurity threats. Use the suggested preventative tips below to help you and your business get ready:
#1 Know Your Information
Understanding your business and the information it stores can offer insight into how to protect it. It can also help you more quickly identify what information was affected in a data breach event. Know your business, the information it collects, and how it’s handled and stored. Additionally, be sure that you are aware of how the following information is used and handled within your organization:
- Your personal/financial information
- Your business information
- Your employee information
- Your vendor/supplier/third-party information
- Your customer/client information
#2 Know Your Breach Regulations
Data breach legislation varies from state to state. Do your research ahead of time, or discuss state and federal regulations surrounding data breaches with your legal counsel/breach response team. Make sure there is a focus on breach notification laws and requirements, which can include:
- Turnaround time for notification
- Breaches that require notification per type of exposed information
- Delivery method(s) of breach notifications
- Who requires notification
#3 Know Your Breach Response Plan
Prepare your data breach response in advance. Discuss and implement the proper security measures needed for your business through your IT/security team. Additionally, your employees should be educated on proper cybersecurity habits, recognizing common cyber threats and overall data security awareness – especially if employees handle sensitive data.
#4 Know What Happened
If a data breach does occur, conduct a thorough investigation and be ready to provide the following information:
- What happened?
- How many individuals or files were affected?
- What type of information was exposed?
- What is being done to rectify the security incident?
- How can affected individuals further secure their identities?
Let’s make 2018 the year businesses fight back against data breaches and face the issue head-on. Continue following Fighting Identity Crimes to get the latest breach and scam updates, ID protection news and expert tips from our industry experts.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.