One of the biggest security issues faced by organizations worldwide is the danger of a data breach. A recent technical report says as many as 90% of large corporations and 74% of small enterprises have experienced a security breach in the last five years. While professionals concentrate on preventing health care data breaches, host endpoint protection and vulnerability management, hackers still manage to steal data without authorization. Analyze some of the most common causes to reduce your organization’s risk.
1. Password Problems
Verizon’s Data Breach Investigations Report found 63% of investigated breaches involved weak, stolen or default passwords. Sometimes employees use predictable combinations for all their accounts, so once hackers figure out the code, they have access across systems. Other times they store passwords in an easily accessed location.
Hackers conduct phishing attacks in which they send out an email that looks authentic asking users to reset passwords. When they follow the link and enter current passwords for a reset, the hacker captures them for later use. Sometimes clicking the same link can enable malware installation. Often, organizations don’t discover data breaches until weeks after an attack.
2. Ransomware and Malware
Malware is any form of malicious software hackers can use to steal information. Trojans, spyware and worms all are viruses that users often install accidentally by clicking on a link or authorizing a download that seems legitimate.
Ransomware is a form of malware that infiltrates systems with a computer virus and makes data inaccessible until the user pays money for its release. Users allow infection when they click on a ransomware link. Often the link comes in an email that looks like it’s from a trusted source. Fake bank notices or utility bills prompt users to let the virus in, then ransomware encrypts files so they are inaccessible.
Hackers have used ransomware since 1989, but it has become increasingly sophisticated. Ransomware for law firms like the multinational firm DLA Piper can make a firm’s data inaccessible until they pay to regain access. Verizon recently reported ransomware is the fifth most common type of malware.
3. Human Error
While hackers and viruses cause extensive damage, much of it is only possible because of human error. Reuters reports that 73% of data breaches happen because of the people operating machines. People might cause accidental breaches because they don’t understand the risk. Organizations can protect themselves by implementing techniques like two-factor authentication, security risk training for staff, and security incidence response programs.
Even more troubling than employees who provide accidental access are those who do it on purpose. Employees, vendors and contractors who have access to data can become a risk if they decide to use that access maliciously. Organizations can limit access to only essential personnel, or offer varying levels of access depending on each employee’s role. Conduct background checks before allowing new users access to make sure they don’t have a history of misusing data.