After a relatively quiet few months in the data breach world, June featured a surge in news surrounding the compromise of personal information. Relatively small breaches were reported in Texas, New Jersey, and a host of other states. But the biggest announcement came from the United States federal government, which revealed that cyberattackers had hacked into the Office of Personnel Management in December 2014, gaining access to unencrypted data on more than four million federal workers. That access was not detected until April.
Even scarier, while the FBI’s incident response team was investigating that first breach, they detected a second intrusion into a system that contained information from Standard Form 86, a 127-page document that all federal employees (including military personnel, defense contractors, and intelligence agents) must fill out disclosing information about friends, family members, credit ratings, and medical histories. That raised the sum of possible people affected to nearly 15 million.
Once you include the Anthem breach and Premera Blue Cross breach that occurred earlier this year, that puts the total number of those affected by data breaches in 2015 over 100 million. Sounds terrifying, right? It is — but it also provides an opportunity to take a serious look at the security of your business data. Here are some strategies we recommend:
- Implement a comprehensive remote monitoring solution. This is imperative for business security — never mind the boosts in productivity and efficiency it can provide. Monitoring and maintenance solutions like CMIT Marathon keep an eye on your systems 24/7, constantly looking for possible intrusions and attacks — and when unusual activity is detected, action is taken immediately to fix the issue. The US Office of Management and Budget even required government agencies to employ just such real-time monitoring in a “30-Day Cybersecurity Sprint” put in place after the aforementioned breach.
- Encryption matters! Cyberattacks can’t always be prevented; 840,000 patient records were stolen in New Jersey off of cable-locked hardware when Horizon Blue Cross Blue Shield’s facilities were closed for the weekend. That makes data encryption so critical — if the federal government’s data had been encrypted, those 15 million federal employees wouldn’t have to worry about who is now in possession of their data.
- Be aware of spam and malware. Targeted email-based attacks against small businesses have been on the rise since 2013, so make sure you and your employees understand how they work. Nearly 30% of all security breaches occur when hackers use sensitive information to impersonate a user — and all it takes is one person unwittingly clicking on a malicious email attachment or illicit web link to affect an entire network. The bottom line? Do NOT click on any email attachment or embedded link unless you trust the sender or source and are expecting said attachment or link.
- Revisit all policies, procedures, and staff training initiatives. We’ve said it before, and it bears repeating: every employee, workstation, and mobile device represents a possible vulnerability. Many high-profile data breaches are the result of coordinated cyberattacks, but many smaller ones stem from a single stolen thumb drive or employee that inadvertently opens an infected email attachment. Outlining policies to avoid such incidences won’t prevent them from happening entirely, but it can certainly help.
- Have a trusted IT professional run a security audit on your systems. Not sure if the security of your data is up to snuff? Don’t think a data breach can negatively affect your company? Afraid your information isn’t properly protected? Remember the old saying, “An ounce of prevention is worth a pound of cure.” CMIT Solutions can help with that.
We understand the critical nature of data security and the impact a breach can have on your business. Contact us today to put our solutions — proactive monitoring, encryption, anti-spam, anti-malware, staff training — to work for you.