Notorious Data Breaches of 2016 – And What We Learned
Some of the largest data breaches occurred last year around the world.
While organisations had to deal with the financial and other consequences, it’s important to understand why they occurred and identify safeguards that will help prevent similar data breaches in the future.
Here’s what security breaches in 2016 have taught us about information security.
Take cyber risk seriously. One of the biggest data breach incidents occurred when tens of thousands of customer accounts at a large supermarket chain were compromised and the organisation had to suspend its online operations. As one security expert noted online, despite growing awareness of cyber breach risks, some businesses are still not taking cyber risk seriously. Solutions: Acknowledge that cyber risk is much more than an IT problem, and take a balanced security approach: up-to-date network security, automated security enforcement, access control, and other safeguards that help reduce employee error.
Teach employees well. When a college employee in the US received a request from a spoofed email address asking for employee information, the individual replied with sensitive data including names, earnings, and insurance numbers. Solutions: Build a culture of security in the workplace and provide ongoing employee training. Employees must be aware of phishing scams and other cyber security risks so they can recognise red flags and make security-minded decisions.
Practice good password hygiene. Weak and reused passwords caused all kinds of data breach problems in 2016. Dozens of celebrities had their Twitter accounts taken over, for example, and even the CEO of a popular social media website had his social media accounts hacked. The workplace is just as vulnerable. Solutions: Create strong passwords. Be cautious when opening password-protected files. Don’t ‘remember password’ on public computers. Never leave passwords in open computer files or on sticky notes.
Control insider access. An insider attack at a software firm put the personal data of employees at 280 businesses at risk. "We are investigating unauthorised access to customer information using an internal login," explained a company statement. Solutions: Organisations should take a more aggressive stance towards insider fraudsters through identity and access management and data loss prevention.
Better protect mobile devices. In another breach in the US, which echoes many in the UK, a healthcare organisation lost sensitive data on hundreds of thousands of patients when an unencrypted laptop was stolen. Solutions: Use encryption on all mobile devices. Teach employees to be mindful of the risks to confidential information outside the office. Never leave devices unattended. Take confidential information out of the office only when it is necessary. Securely destroy paper and digital information that is no longer needed.
Keep your documents safe by putting a secure document management policy in place.