Protect Yourself: Don't Become a Victim of a Data Breach
Unless you pay no attention to the media, you’ve heard about the catastrophic data breaches that hit high profile companies hard in 2014. And cyber-attacks aren’t slowing down; the first half of 2014 showed double the hacks of the entire previous year. Here are three of the worst high-profile cyber-attacks in history that happened in 2014, and what you can do to avoid being the victim of a data breach.
On November 21, 2014, executives at Sony Pictures (including CEO Michael Lynton) received an email from an anonymous source stating that there would be “great damage” and that the company would be “bombarded as a whole” if it did not pay money. Three days later, every computer in the Sony Pictures Entertainment’s headquarters in Culver City had the image of a skull flash on their computer screen with a warning: “This is just the beginning.” Indeed it was.
Movies that had yet to be released began to appear online on file-sharing websites. Disastrous data leaks followed: company security certificates, passwords, top executives' salaries and emails and budgets for feature films began to appear, in addition to over 47,000 employees’ financial profiles and certain celebrities’ personal identity info. Before the attack was over, the hackers had stolen 100 terabytes of data, which is 10 times the amount of data stored in the entire Library of Congress.
The Sony hack went down as one of the most devastating data breaches in 2014.
Mistakes: Sony’s hack wasn’t special, it was typical. The company wasn’t protected against Trojans, had no password management policies, proper encryption protocols or essential data protection. In addition, there was no employee security training and no security policy communication within the company.
Takeaway: Companies need to share and collaborate security information within the corporate structure and speak out about current data breach information with other companies to increase awareness of possible breaches. Furthermore, all employees should be trained to know the company’s security policies and the ways a company’s data can be compromised.
At the beginning of September in 2014, Home Depot announced a security data breach. Between April and September, roughly 56 million cards and 53 million email addresses were stolen from shoppers. The criminals gained entry to the payment system by using the login information stolen from a Home Depot vendor and then installed the malware that brought down the system.
It’s the largest data breach of any retailer in history.
Mistakes: Before this big breach, the company had suffered at least two smaller hacks. After both breaches, Home Depot made the mistake common to many retailers: it continued to ignore payment system vulnerabilities and did not encrypt registers, hence the 2014 debacle.
Takeaway: Don’t wait until you’re hacked to beef up security. Purchase or upgrade security software, identify and isolate vulnerabilities in your systems and fix them immediately. Install system updates promptly and enhance your encryption.
In January of 2014, Michaels, the largest arts and crafts chain in the U.S., announced a company security breach that included stolen card data affecting 3 million customers. In April, the company released an update concerning the attack: the hackers had used highly sophisticated malware to infect the payment systems and the breach had been going on for eight months.
It was the retailer’s second data breach in three years.
Mistakes: Retailers tend to ignore the security on their POS (point of sale) systems and Michaels was no different, leaving it wide open for system invasion. “Highly sophisticated malware” deserves highly sophisticated security, which Michaels failed to acknowledge. Finally, the malware was in place for nine months before it was discovered.
Takeaway: If you are a retailer, install or upgrade your POS system security to the highest level. Any little variable left unprotected is fair game to hackers. Pay attention to signs that something is amiss to detect a breach before it gets completely embedded into your system (like getting a lockout message the first time you log in to your computer) and don’t ignore an attack, because if something isn’t done, it will happen again.
Company executives can no longer rely on a simple firewall and antivirus protection, because when it comes to hacking, cyber criminals will always be one step ahead. Leave no stone unturned when it comes to protecting your company from cyber attacks. You’re only as secure as your weakest link.