While cyber-attacks on familiar names like Target and credit reporting company Equifax have made headlines in recent years, cyber-attacks in 2019 have been plentiful and worldwide. Some examples include:
- In January, Singapore's Ministry of Health (MOH) revealed a data breach involving 14,200 individuals. While the number may not seem all that serious, the nature of the incident certainly was -- given that these people were all diagnosed with HIV. An unknown hacker managed to steal the information -- alongside 2,400 of their contacts -- and the records were published online.
- Facebook is a constant source of data leaks and security failures these days -- and an incident in April was no exception. Two AWS (Amazon) servers were found by researchers to store over 540 million records including account names, Facebook IDs, and user interaction data. The servers in question were owned by third parties and were not properly secured.
- Another data breach in April involved the Georgia Institute of Technology. Georgia Tech said a vulnerable web application provided access to a database which stored the personal data of current and former staff and students. In total, 1.3 million individuals are believed to have been affected.
- Yet another data breach in April involved automaker Toyota. The company has recently faced a barrage of intrusions across Australia, Thailand, Vietnam, and Japan, and in the last case, as many as 1 million customers and employees were impacted. Reports suggest that eight Toyota subsidiaries and dealerships were attacked, and hackers were able to access internal computer systems. Names, dates of birth, and employment information -- at the least -- were involved.
- In the U.S., a data leak involving individuals seeking out rehabilitation for addictions in April also proved to be a serious breach of trust. An unsecured database stored 4.91 million records including patient names and the treatments they sought.
- First American, a real estate and insurance giant, said in April that a data breach of critical severity had revealed 885 million documents. Dating back to 2003, these records included Social Security numbers, driver's license images, financial data, and transaction records. What made matters worse is that the information was available on the firm's website for anyone to steal.
- In June, it was disclosed that information belonging to up to 9 million Quest Diagnostics patients had been compromised. AMCA, a billing collections partner, was at fault. A hacker managed to access the firm's systems; and it is possible that financial information, Social Security numbers, and medical information has been either exposed or stolen outright.
With cyber-hacking becoming an almost daily occurrence, what can we do as individuals and companies to protect ourselves? Here are five best practices to consider:
#1 Password Management
Creating a strong password is a simple thing to do, yet it’s often overlooked in lieu of more complex technologies and practices to protect a system. However, a strong, unique password is not only a great first step in cybersecurity, but it’s the simplest, easiest way to prevent unauthorized access to a system. For the highest level of protection, passwords should have no fewer than eight characters (a mix of upper and lowercase letters, numbers, and symbols) and should not include words that would normally be found in a dictionary. Consider using passphrases, such as a made-up sentence, to help remember increasingly complex passwords.
#2 Device Deployment
A second cybersecurity best practice to adopt is very straight-forward: Follow manufacturers’ recommendations for how devices should be deployed. Don’t cut corners to save time or money when it comes to deploying new devices to employees.
#3 Updates and Patches
Another simple but often overlooked step in cybersecurity is keeping device firmware and software up-to-date. Updates provide patches against security threats that may exist, as well as patches for bugs in the software.
#4 Secure the Ecosystem
All devices and systems are part of an overall ecosystem, so securing the network and everything that connects to it is another step toward maximizing cybersecurity.
#5 Ongoing Management and Maintenance
Cybersecurity is not a one-time consideration; it’s an ongoing process. It’s critical to continually engage in password management, proper device deployment, system updates and patches, and to replace components that may no longer be supported by the manufacturer. It’s also important to look at components that may wear out over time, such as hard drives, workstations, laptops and even IP cameras that may be vulnerable to hackers.
Despite the likelihood that we will all experience a cyber-hack at some point, it is possible to lessen the odds of becoming a victim. Consult with a professional IT company for questions and concerns. For more details on cybersecurity practices, check out this Security Magazine article.