What is a Data Breach and How to Protect Yourself
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual or organization. Here are some of the basics on Data Breaches and some simple steps you can take to help protect yourself from them.
What is a Data Breach
A data breach occurs when a hacker or cyber criminal gets access to a computer system and obtains some of its protected and sensitive data. In many cases, the information includes things such as individuals’ names and addresses, social security numbers, bank account information, and credit card information. It can also include such things as health and medical records, business transactions, and other types of personal, identifying, or business-related information.
How do Data Breaches Happen
Data Breaches generally occur when a “hacker” bypasses a computer system’s security and accesses the data. Data breaches occur either through physical access to a computer system or network and copying the information onto some sort of portable memory device (which is less common), or as a result of bypassing the system’s network security and remotely accessing the information (which is by far the most common way a data breach occurs).
What are the Causes of Data Breaches?
There are many causes for data breaches, but the main ones are:
Weak Passwords - Easily guessed passwords are often the cause of a data breach, as such a password is easy to decode. Passwords such as “password”, “123456”, “qwerty”, “guest”, “welcome”, and “111111”, as well as simple variations of your name or use of your birthday, are easily guessed by hackers.
Network and Software Breaches - Networks and software security applications can be poorly coded or have inherent weaknesses that can lead to a data breach. Hackers are able to exploit these programs’ weaknesses and gain access to the “back-end” systems and the linked databases that are the actual “containers” of all the personal data.
Malware - Malware, similar to computer viruses, can be unknowingly downloaded and placed onto a system. This generally occurs when someone “clicks on a link” or “downloads a file” that triggers or downloads a malware program. Once downloaded, this program is then able to remotely access and transmit sensitive information from the system back to the hacker, and often can continue to run for long periods of time without the user’s knowledge. Whereas a computer virus is generally focused on causing damage to a system by corrupting or deleting data, malware is instead focused on copying system information including account information, passwords, and back-end system data.
Phishing - Phishing attacks also may lead to data breaches. Phishing occurs when someone is “fooled” into providing their personal information or network passwords to a hacker. This often occurs by the user receiving an Email or visiting a website that “looks legitimate”, but is actually a phony Email or a “fake site” created by the hacker to collect such information. The user may be asked to provide their login information or other sensitive information such as their social security number to the hacker. Once the hacker has this information, they are able to get access to the user’s back-end systems and associated personal data.
Insider Information - In some cases, a disloyal or disgruntled former employee may decide to steal company information. This can be done out of anger or spite, as well as for personal gain or for sale to hacker sites or even competitor companies.
Theft - The theft or loss of a corporate asset (such as an employee laptop or USB drive) may also lead to a data breach. A lost laptop may contain sensitive information and have its password written on a post-it note attached to it. USB and thumb-drives are also routinely lost, many of which are not password protected and whose contents are not encrypted.
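The weak-password cause above can be screened for at the moment a password is chosen. The following is an added example, not part of the original article: it rejects the passwords the article lists, disguised versions of them, and passwords built from the user's name or birthday. The function names, the substitution table and the sample name and date are assumptions made for illustration.

```python
import re
from datetime import date

# Passwords the article lists as easily guessed.
COMMON = {"password", "123456", "qwerty", "guest", "welcome", "111111"}

# Assumed look-alike substitutions people use to "disguise" a weak password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(pw: str) -> str:
    """Lower-case, drop trailing digits/symbols, undo look-alike substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw.lower())
    return core.translate(LEET)


def weak_password_reasons(pw, full_name="", birthday=None):
    """Return a list of reasons the password is easily guessed (empty if none found)."""
    reasons = []
    core = normalize(pw)
    if pw.lower() in COMMON or core in COMMON:
        reasons.append("common password")
    # Any part of the user's name (3+ letters) hidden inside the password.
    if any(len(part) >= 3 and part in core for part in full_name.lower().split()):
        reasons.append("contains name")
    if birthday is not None:
        digits = re.sub(r"\D", "", pw)
        formats = ("%Y", "%m%d", "%d%m", "%m%d%y", "%d%m%y", "%Y%m%d")
        if any(birthday.strftime(f) in digits for f in formats):
            reasons.append("contains birthday")
    return reasons


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    bday = date(1985, 7, 14)
    for candidate in ("Passw0rd1!", "J4ne2024", "Sunny0714", "correct-horse-battery-staple"):
        print(candidate, weak_password_reasons(candidate, "Jane Smith", bday))
```

An empty result only means none of these specific patterns matched; it is not a measure of overall password strength.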
What are the Main Steps that Occur during a Data Breach
The following are the steps usually involved in a typical Data Breach Operation:
Research: The cybercriminal looks for inherent weaknesses in the company’s security, usually either through people, systems, or the computing network.
Initiate Attack: The cybercriminal makes initial contact, normally through either a “Network Attack” or a “Social Attack”.
Network Attack: A network attack occurs when a cybercriminal uses the computing infrastructure, systems, or an application weakness to infiltrate an organization’s network. Companies running older versions of network programs or software are particularly vulnerable to these types of attacks.
Social Attack: Social attacks involve tricking or baiting employees into providing the cybercriminal access to the company’s network or system. This can be done by fooling an employee into providing their login information by impersonating a company authority through a false Email or website, or by the employee accessing a website or downloading a file that contains a malicious program or attachment.
Exfiltration: Once the cybercriminal gets access to one computer, they can then attack the network by “tunneling” their way to confidential company data, often by accessing and downloading data stored in back-end databases and files. Once the hacker extracts the data, the attack is considered successful, although it is possible it can continue for an extended period of time without the firm’s knowledge.
If your information has been stolen, follow these key practices:
Individuals are rarely the direct target of cybercriminals, who are generally looking to steal sensitive information in bulk. However, individuals are often impacted by these attacks when their personal records are part of the information that is stolen.
Notify your bank - Verify your account details and change PIN codes. If necessary, you may need to close existing bank accounts and credit cards and open entirely new ones in their place.
Verify all incoming Emails - Cybercriminals can pose as representatives of financial institutions or other types of firms and ask for your personal information or login information. Some cybercriminals have even impersonated the Internal Revenue Service (IRS) and other government agencies. Always verify that all incoming Emails are legitimate by contacting the company or agency directly and ensuring the communication actually originated from them. Do NOT use the contact information provided in any suspicious Emails, as this will often be the cyberhackers posing as the firm or agency. Find the firm’s customer support information from your recent statements and contact them directly.
Do not Click on Suspicious Links or Download Files from Unknown Sources - Do not click suspicious-looking links or download files from unknown sources. Cybercriminals will often use Email and website addresses that are similar to, but not exactly the same as, the legitimate ones. Often, the address will be different by just a few letters or a slightly different domain name. In some cases, cybercriminals are able to “spoof” Email addresses, so that they can look very legitimate. When in doubt, do not click on any links and certainly do not download any files to your computer. Again, contact the firm’s customer support organization directly to verify any questionable communications.
Be Aware of any Emails with Grammar or Spelling Errors - Cybercriminals are often based in foreign countries and their Emails or false websites may have improper grammar, spelling errors, or images that do not work properly. They may also reference accounts you do not actually have, non-payment issues when you know your account is current, or warn of other urgent, impending problems if you do not respond to their Email immediately or click on a certain link to provide requested information. These are all indicators that an Email may be from a hacker and not the actual company. Again, when in doubt, always contact the firm directly to verify the validity of any type of communication received.
Contact the Breached Company - If your data, passwords, or financial information has been stolen, contact the breached company directly and ask how they can assist you. They may know the extent of the breach. They may also provide you with an option to enroll in a fraud protection program for a period of time at their cost.
Perform a Credit Freeze - You may wish to consider placing a “credit freeze”, which should reduce the chances of someone impersonating you and opening new financial instruments under your name. While a credit freeze won’t stop every type of issue, it will at least prevent someone from opening up new credit accounts under your name or making any changes to existing credit accounts.
Enroll in a Fraud Protection and Credit Monitoring Program - There are several companies that offer Fraud Protection and Credit Monitoring programs. There are programs offered by the major credit companies, as well as programs offered through financial institutions, employers, and through private organizations. These normally have a monthly cost, but some basic monitoring services are actually free and included as a “benefit” under certain organizations. In today’s world, the use of these services is something everyone should seriously consider.
Always Use Current Virus Protection Software - Ensure you always use current and updated virus protection software. Many of the better anti-virus programs not only protect against damaging viruses, but can also detect potential hacker and Phishing attempts in Emails, questionable links, and even false websites.
Use a VPN Service - A virtual private network (VPN) is a computer network technology that creates a safe and encrypted connection over a less secure network, such as the internet. It is generally used when connecting to corporate networks, but is also very useful when using publicly available internet “hotspots” such as in airports and cafes. When you access these public networks, it is possible for cyberhackers to capture your private login information, credit card details, or even your Email communications by using “monitoring” programs. By using a VPN, your information is securely “encrypted” and cannot be viewed by anyone monitoring these networks.
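The warning above about sender addresses that differ from the real one “by just a few letters or a slightly different domain name” can be checked mechanically. The following is an added example, not part of the original article: it compares the domain in an Email's From line against a list of firms you actually deal with. The trusted list and sample addresses are constructed placeholders, and the two-character threshold is an assumption.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the user really does business with.
TRUSTED = {"examplebank.com", "example-pay.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    if domain in TRUSTED or any(domain.endswith("." + g) for g in TRUSTED):
        return "trusted"
    for good in sorted(TRUSTED):
        # Different by just a few letters (swapped, missing or doubled character).
        if edit_distance(domain, good) <= max_distance:
            return f"lookalike:{good}"
        # Same name under a slightly different top-level domain.
        if domain.rsplit(".", 1)[0] == good.rsplit(".", 1)[0]:
            return f"lookalike:{good}"
        # Trusted name placed in front of somebody else's domain.
        if domain.startswith(good + "."):
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    for sample in ("Example Bank <alerts@examplebank.com>",   # constructed samples
                   "support@examp1ebank.com",
                   "billing@examplebank.net"):
        print(sample, "->", classify_sender(sample))
```

A “trusted” result only means the displayed domain matches the list. Because the From address itself can be spoofed, as noted above, contacting the firm directly remains the way to confirm a questionable message.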
Cyberattacks and Data Breaches are an unfortunate reality in today’s ever-connected world. In addition, the frequency, size, and scope of these breaches continue to grow as more and more information is moved “to the cloud” and as the sophistication of the cyberhackers continues to grow. Although you cannot ever completely eliminate the risk of a cyberattack, and data breaches of companies and organizations are often beyond your control, by understanding the key causes of these attacks, you can work to reduce your risk as well as the impact if your information is actually stolen.