Why Your Current Security Infrastructure Isn’t Cutting It
2016 was an apocalyptic year in terms of big organizations being plagued by data theft. Throughout the year, news came out about how user account information had been stolen from some of the most eminent organizations in the world. These included hackers stealing the details of around 500 million Yahoo accounts (the largest data breach in history), 427 million MySpace accounts, 167 million LinkedIn accounts, 68 million DropBox accounts and 33 million Twitter accounts. Often the breaches had occurred in the decade earlier, but only came to light after hackers tried to sell the stolen credentials in 2016 on the dark web.
After the data breaches were disclosed, the organizations concerned issued statements urging their users to change their password and login information in order for their accounts not to be compromised. But the damage done to the reputation of these organizations, and their profit margins, may take a long time to repair. According to the research firm Alertsec, it will take Yahoo many months before it regains the trust of its users. The firm also found that 97% of Americans lose trust in companies which are subject to substantial data breaches.
You may believe that your business is relatively safe from data breaches. After all, the companies cited above are all massive organizations and it’s easy to assume that hackers are more attracted to the most famous enterprises rather than small and medium-sized businesses. In fact, the opposite is true. A study by the US government reveals that small and medium-sized businesses are actually the principal targets of cybercrime and are subject to the most attacks! The main reason is because hackers view smaller businesses as having less robust security mechanisms in place due to their lesser amount of financial resources, making them easier targets.
And the hackers would be right. The same government study revealed that many smaller businesses have weak or even nonexistent security protocols in place. This kind of indifference towards cybersecurity is perilous in a climate where hackers are getting bolder by the minute, and could result in serious negative ramifications for your business in terms of reputation as it did for Yahoo, or crippling financial ones. In terms of cost, the average cost of a data breach for an organization is estimated to be around US $4 million.
There are a number of security measures your business can take to prevent your sensitive data from being leaked. A straightforward one is making sure your employees don’t reuse passwords. In fact, the DropBox theft occurred because a DropBox employee used the same password for their work account as they did for their personal LinkedIn account. When LinkedIn suffered a data breach, hackers were able to acquire that password and then use it to gain access to the customer database of DropBox!
It is also useful to move beyond just passwords. Two-step authentication methods, where your employees have to enter a password but also need to have their identity verified through some additional measure (such as using their cellphone) are a good means of increasing security.
Lastly, it is important to restrict downloads from your servers only to parties who categorically need that data, since hackers frequently find their way into corporate systems by hijacking third parties who also have access to those systems.
No business is too small or unimportant to be safe from predatory hackers. Protect the data of your business by ensuring your security infrastructure is up to an adequate standard. Implementing the steps mentioned above is a great way to start.