“A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.”
That’s how Wikipedia defines it.
The main causes of a beach are as follows:
1. Weak passwords without multi-factor authentication
It is a good thing that most websites are now requiring strong passwords, usually requiring a series of special characters along with length requirement. Some even do require multi-factor authentication. That is a good thing.
People tend to not remember passwords, so they make them all the same thing, or a variant of the same thing. Not a good idea! When one of your accounts gets compromised, all the other ones are at risk as well.
With multi-factor authentication, you bring in an extra layer of security. You tie a text message, a phone call, email message, or other app like Authy as your extra layer of security. That way, if your password is compromised, they can’t get in to your account without the second form of authentication.
When this extra layer is not required or offered, users should seek out other ways to strengthen their passwords. With a password manager, such as Solar Winds Passportal, you can have complicated passwords and not have to worry about remembering them.
You should also have a good breach management system in place.
Yes, for residential computers as well.
There is a plethora of information on your computer that spying eyes would love to have. Making sure you have a good firewall (usually part of your modem/router) in place. The built-in ones are good, not great, but it beats not having one at all. Having a secured wireless network is important. Also, having your computer updated with an advanced anti-virus is important.
2. Vulnerable users’ tendencies to click on malicious links
This is a big one. There are so many phishing emails that come through nowadays. They are hard to spot and even harder to stop. For corporate users, getting an email filtering service is essential. Check out Ironscales for information on this.
For both residential users and corporate users, you need to be wary of links and attachments that come from unknown addresses. Even what looks like a known address, you need to confirm that your sales department for instance, sent you the quote you had no idea was coming. Take the extra few seconds and contact the supposed sender via a different avenue such as an instant message or the phone. Even an email that you start from your address book is a good idea.
By no means, enter your logon in formation into a web page you got a link from in an email. Always open a new page and navigate to it yourself.
3. Lack of employee cybersecurity training
For our corporate users, you need to train, train, train, train. It is so important to know what to look for. You need to protect your companies network. Most people feel that the only way to get hacked is if their individual machine is attacked. Wrong! If your company gets attacked and has a data breach, that means there is a chance your credentials are now in the hands of the bad guys. Your IT department should be able to handle the breach. They would expire the credentials and make you create new ones.
One big problem, like mentioned above, when your corporate credentials have been compromised, if you use the same passwords everywhere, guess what? Yep, now your other accounts are vulnerable.
4. Unsecured and out-of-date company computer networks
Computers that have fallen victim to targeted or drive by hacking, most of the time have not been updated appropriately.
Security patches and 3rd party updates are put out regularly and need to be applied as soon as possible. These are not trivial updates. Do them!
Our Proactive Computer Management for home and our Proactive Computer Management for Office plans help you with all of these items. If you would like some more information, please contact us for a quote.
As always, stay safe out there!