BreachExchange mailing list archives

IT Security Lessons from the World’s Biggest Data Breaches


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 27 Mar 2015 13:46:54 -0600

http://smartdatacollective.com/kyle-cebull/307646/it-security-lessons-world-s-biggest-data-breaches

Historically, the data breaches that make news headlines are the ones that
occur at enterprise organizations. eBay, Home Depot, Target and the
PlayStation Network are a few that come to mind. But as these
enterprise organizations form even stronger security protocols, hackers are
turning to small business. Hackers see small businesses as easy targets.
With fewer IT security measures and lots of valuable data to be had,
small businesses across the country are at risk for data breaches. Don’t
believe me? According to a survey by the National Small Business
Association, 44% of small businesses have been hacked, with associated
costs averaging $8,700. According to a study by the Ponemon Institute, that
number is even bigger, with 55% of respondents reporting a data breach. With
risks and vulnerabilities only increasing as hackers continue to target
small business, it’s important to explore takeaways from some of the
world’s biggest data breaches and apply them to your organization’s IT
security.


Understand the cause:

Of the top 4 data breaches in the world, 3 of them were executed by
hackers. This is important to understand, because it will help you as a
small business determine how to set up your technology, infrastructure and
network in such a way as to avoid being susceptible to hackers. What can
you do to protect your business’ data? Proactive measures are your best bet:

- Install a secure firewall. A firewall is essentially a business-class
router with the ability to customize security services. This is important
because it will block unauthorized access and prevent the spread of viruses.
- Enterprise-class antivirus. NEVER use free antivirus. As we described
in this blog, you want antivirus software that can be centrally managed
and monitored, with updates on a regular basis (as often as every 15
minutes).
- Complete Windows patching. You need to make sure that you’ve closed any
available external access by patching any security holes. Windows regularly
releases security updates to patch these vulnerabilities – and you need to
make sure that you or your IT provider are completing the updates as often
as new patches are released.


Screen, limit access, and train your employees.

The world’s largest data breach was actually an inside job, which
compromised 200,000,000 data records. What can you do to ensure that your
employees don’t take advantage of a security gap?

- Carefully screen your employees. Conduct background checks and ask for
references for every employee you hire. If you work in an industry or
business where you deal with very secure data, engage a headhunter or HR
firm that can conduct extensive interviews and ask the right questions or
conduct personality tests to determine if an employee can be trusted.
- Limit access to necessary files. Don’t provide access to folders and
files that your employees don’t need, or those that include sensitive data.
This will eliminate any temptation to attempt to use or steal the data.
- Create security policies. Mobile device passcodes, more secure password
structures and user security policies allow you to ensure that every
employee is on the same page with regard to company security.


While you may not have access to millions of credit card numbers or an
extensive database of data, security should be a top concern for your
organization. Breaches cost small companies thousands and sometimes
millions when they occur. Limit the opportunity for your data to be
compromised with these tips.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/