BreachExchange mailing list archives

Data Breaches: ‘The Third Certainty in Life’


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 4 Feb 2016 19:02:03 -0700

https://www.memphisdailynews.com/news/2016/feb/3/data-breaches-the-third-certainty-in-life/


I recently received an email from a former colleague that appeared to be a
DropBox link with “important documents.” Since it had been a while since our
last correspondence, I emailed back to make sure that the note was real,
only to receive a bogus response that confirmed my suspicions. Cue me
reporting it to her company’s help desk, blocking the user from my email,
and deleting the note.

This is one of the best examples of social engineering currently being used
by hackers. And it serves as a reminder to small businesses everywhere to
get ahead of the problem.

Adam Levin, co-founder of Credit.com, recently dubbed data breaches “the
third certainty in life,” adding to the traditional death and taxes. Most
data breaches, such as the example I cited, could’ve been avoided by simply
updating passwords to ensure they are unique and not easily detected.

Before you fall victim to the latest email scam, and thus increase your
chances of infecting your computer with malware and spyware, hold yourself
accountable with some of these password tips:

If your password is obvious to you, it’s obvious to others.

That includes “123456,” “password,” “welcome,” and even “starwars.” Check
out SplashData’s top 25 most popular passwords in 2015 for the full list of
passwords to avoid.

Use different passwords for different accounts.

From online banking to shopping, make sure passwords are not automatically
saved on your computer or the same across multiple websites. This is
especially critical if you run your company’s social media pages.

Get creative with your passwords.

Hackers use big-data analytics when attempting to crack passwords. To not
fall victim to their algorithms, use passwords that are a minimum of 8
characters, mixed with numerical and special characters (*, @, #, 2). For
another level of protection, try password managers, which use software to
encrypt passwords.
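The three password tips above (avoid common passwords, keep them unique per account, require length plus numeric and special characters) can be turned into a small policy check. The following is an added example, not code from the article or its author; the blocklist is a constructed sample seeded with the four passwords the column names, and the 8-character minimum and character-class rules follow the column's stated advice. A real deployment would load the full SplashData list or a larger breached-password corpus.

```python
# Added example (not from the article): password-policy checks encoding the
# column's advice. Assumptions: a constructed mini blocklist, an 8-character
# minimum, and "special character" meaning ASCII punctuation.
import string
from collections import defaultdict
from typing import Dict, List

# Constructed sample blocklist: the four passwords the article calls out.
# Replace with the full SplashData list (or a breached-password set) in practice.
COMMON_PASSWORDS = {"123456", "password", "welcome", "starwars"}

MIN_LENGTH = 8
SPECIAL_CHARS = set(string.punctuation)


def check_password(candidate: str, blocklist=COMMON_PASSWORDS) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    # Compare case-insensitively so "Password" is caught as well as "password".
    if candidate.strip().lower() in blocklist:
        problems.append("appears on the common-password blocklist")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(ch.isdigit() for ch in candidate):
        problems.append("contains no numeric character")
    if not any(ch in SPECIAL_CHARS for ch in candidate):
        problems.append("contains no special character")
    return problems


def is_acceptable(candidate: str) -> bool:
    """True when the candidate passes every rule in check_password."""
    return not check_password(candidate)


def find_reused_passwords(accounts: Dict[str, str]) -> List[List[str]]:
    """Group account names that share an identical password.

    Returns only groups with two or more members, i.e. the reuse the
    column warns about. Intended for a one-off audit of a credential
    export, not for long-term storage of plaintext passwords.
    """
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)
    return [sorted(group) for group in by_password.values() if len(group) > 1]


if __name__ == "__main__":
    # Constructed inputs for a quick demonstration.
    for pw in ("starwars", "Tr0ub4dor&3", "abc1!"):
        print(pw, "->", check_password(pw) or "OK")
    sample_accounts = {"bank": "Tr0ub4dor&3", "shop": "Tr0ub4dor&3", "mail": "other1!pass"}
    print("reused across:", find_reused_passwords(sample_accounts))
```

The checker reports every failed rule rather than stopping at the first, which is what an onboarding form or a password-reset screen needs in order to tell the user what to fix. The reuse audit deliberately never returns the shared password itself, only the account names that share it.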

Authenticate.

Require employees to use unique passwords and change passwords every 90
days. Consider implementing multifactor authentication that prompts for
additional information beyond a password for access. Speak with your
vendors that handle sensitive data, particularly financial institutions, to
see if multifactor authentication is offered on your account.

Employee training is inexpensive, but critical.

Most hacking episodes occur when employees click on malicious links or
websites. Security experts agree that education is the best defense. Train
employees in security principles, password etiquette, Internet guidelines,
and spotting suspicious emails – and specify violation penalties.

These days, fighting the good fight against online criminals should be
ingrained in any business’s operations. I challenge you to recall the last
time you changed your password. If it’s over 90 days and/or is easily
guessed, it’s time to beef it up and lessen your company’s risk.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.