It seems like every time you turn on the news or click on a news app on a smartphone or other device, you hear or read about another data breach. It seems that way because over the past several years they’ve been happening more and more often. In 2018, for example, Twitter had a data breach that exposed over 330,000,000 records to cyberthieves. Facebook had a data breach in 2019, exposing 420,000,000 of their users to cybercriminals, and Capital One’s data breach exposed account information on over 100,000,000 customers to hackers. Last year, it was Facebook again with an even larger data breach than the previous one, along with Microsoft, where 250,000,000 records were exposed.
One estimate is that a data breach costs a company a minimum average of $3.9 million, and it costs small businesses anywhere from $36,000 to $50,000. What’s taken during a data breach? Emails, passwords, and sensitive personal information (including financial information) are the top 3 targets of cybercriminals. So, how do these bad actors get access to such massive data breaches? The most common way past IT security is hacking, using a password that was compromised or stolen. Other times, it’s due to weak passwords or an employee leaving a computer or device unattended.
Data Breaches Can Cause Lots of Damage
It’s one thing for a cyber crook to steal passwords during a data breach, but more often than not they’re encrypted, so they are only able to see how long they are. Unfortunately, it can get a lot worse. At times hackers can steal private and highly sensitive information including Social Security numbers, credit, and debit card numbers, and passwords. But a bigger problem that has shown up in recent data breaches is that the company wasn’t aware that there even was a data breach for weeks or even months. That’s a lot of time for a criminal to use the data and information they’ve stolen.
Here’s a statistic that should frighten you: 65% of data breaches result in identity theft. This leaves victims in financial distress and emotional turmoil, and can often take months if not years to resolve. Because some companies aren’t aware they’ve been breached, it’s smart to always monitor your bank accounts and your credit report, looking for unusual charges or suspicious activity. You can get a free credit report using the Federal Trade Commission’s website.
While the average cost of a data breach to a company is $3.9 million, some can cost more – a lot more. Here are some eye-opening examples: it cost Equifax $575 million in fines and settlement, Uber paid $148 million in fines, and it cost Home Depot close to $200 million. The fines are on top of what they have to pay consumers when the breach led to identity theft, not to mention the costs they have to pay to continually monitor the hacked victims’ credit. The bottom line is that it pays to prevent a data breach rather than have to pay the costs of one if it ends up happening.
How Data Breaches Happen
Some data breaches happen due to cybercrooks sending out phishing emails that look like they came from within the company, and they inadvertently open the door to hacking. Other times it’s an “inside job”, where someone within the company purposely steals passwords or gains access to the mainframe and steals data that they intend to sell or use to commit theft.
Surprisingly, some data breaches are the result of an employee’s error. An employee uses a weak password or sends an email to the wrong address due to a typographic error, or accidentally shares the password with a non-employee. It’s surprising because in this day and age there is so much awareness and emphasis placed on cybersecurity. But we’re all human, and errors happen.
Hackers have other ways of getting into sensitive data. They plant malware that steals data and passwords, they plant keylogging software on an employee’s computer so that they can track every keystroke the employee makes, including their passwords to enter the system. Often they can inject SQL code into the system, which tricks the system into implementing the instructions embedded in the malicious code.
Avoiding Data Breaches
One of the most important ways to avoid a data breach is to minimize your digital footprint and the digital footprint of all employees. A lot of unauthorized personal information is available on people-search sites, so a good start is to remove that information. There are over 100 people-search sites including Pipl, Spokeo, and PeopleFinders, and each one has its own unique way of removing information and opting out.
What to do After A Data Breach
Change your passwords to a strong password – and use a unique one for each account you have. The best way to do this is by using password management software, including LastPass, Bitwarden, and 1Pass, among others, to generate and manage all of your passwords.
Do a credit freeze – it’s free and it will prevent a hacker from opening new accounts with your information. The FTC has published a great guide on resources you can use after a data breach.
Following these guidelines and using this information will help prevent data breaches and will help to minimize the damage they can cause. The more you do to prevent a data breach, the better!