If you thought that 2014 was a bad year for data breaches, then brace yourself. Last year was equally horrific and 2016 is expected to be even worse. Organizations like CareFirst BlueCross BlueShield, Kaspersky Lab, HackingTeam, LastPass, Anthem, Harvard University and the Army National Guard have all been compromised within the last year. Of course, one of the more newsworthy hacks was Ashley Madison, which compromised more than 32 million accounts and probably ended a fair number of marriages.
What’s being done to prevent these attacks from happening again so that your company’s financial future is safe and sound? Here is what we’ve done to protect ourselves from the constant security threats.
According to Javelin Strategy & Research’s 2015 Identity Fraud Report, two in three people who have been affected by data breaches become identity theft victims. There is reason for concern that this could get worse, thanks to the Internet of Things becoming more widespread, hackers getting more sophisticated and the fact that vital information, such as addresses and financial information, can easily be found in corporate data.
There are, however, some basic measures you can take to protect yourself from possible security threats. Here are some of the common things we’re doing to protect both ourselves and our customers.
Monitor credit card statements weekly. If you wait until the end of the month to review your credit card statements and bank statements, you won’t be able to catch suspicious behavior as quickly. If anything looks out of place, investigate it immediately.
Sign up for real-time alerts. If you haven’t done so already, take advantage of the notification services that your bank or credit card company offers. If any unusual activity appears, you’ll be notified instantly. Additionally, pretty much every company that you do business with (like Oracle) also offers security alerts.
Don’t share private or company information. This should be common sense, but many of us are still guilty of sharing too much information with others. Keep private information to yourself. And never open up any emails that seem fishy.
Routinely change passwords. Again, this should be obvious. But there are plenty of people who still use weak passwords that can be easily hacked. To prevent this, come up with strong passwords that are creative and change them every couple of months.
Subscribe to identity protection. Services such as Experian will monitor everything from your Social Security number to credit cards and other vital data.
Furthermore, business owners should store only essential customer information, remove data from customers who are no longer relevant, have a firewall in place, use the latest cyber-protection software and/or implement two-factor authentication. Train your employees so that they don’t unknowingly share data with a hacker.
In many cases, common sense and proper training are enough to thwart a cyberattack — or, at least, prevent it from being detrimental to your business.
What’s being done
Training, education and being prepared are just a handful of ways to prevent security threats. The problem is that even being well-prepared isn’t going to completely stop a hacker from getting into your database. That’s why we all need to learn from the problems that companies like Target and Sony have experienced in the past so that we can create a plan and know how to respond.
But that’s only going to take us so far. That’s why the private sector and government need to work together in the fight against security threats.
In New York state, for example, Senator Michael F. Nozzolio proposed legislation that “would establish tougher penalties for cyber-related crimes, create cyber security programs to identify potential risks and threats, and require the state to perform a comprehensive review of all its cyber security measures every five years.” Nozzolio also wants to establish “the New York State Cyber Security Initiative to ensure that our State has a proper cyber security defense system in place.”
On the federal level, President Obama has been pushing for legislation since 2011 that would “make it easier for the private sector to share cyber threat information with the government.” Greg Martin, the founder and CTO of ThreatStream, argues on Business Insider that “Using clues from one attack to prevent it from spreading to other businesses is crucial to stopping the rampage.”
This proposed bill, known as the Cybersecurity Information Sharing Act (CISA), is now law. Unfortunately, many tech companies, civil rights groups and security experts aren’t in favor of the new law because of privacy concerns. The new law is apparently just the beginning.
That’s not to say that the private sector should completely rely on the government to solve all of its security concerns. Companies must still do their due diligence and be prepared. Having the government also create an infrastructure to prevent attacks in the first place is an added bonus.