The Ultimate Manual For Data Breaches

Data breaches are quickly becoming an everyday affair. Equifax, Yahoo, Facebook, Dubsmash, Marriott International, Zynga, and more have seen breaches happen to them. Millions—and sometimes even billions—of people are getting affected with their private data inadvertently showing up on the dark web.

Hackers somehow manage to infiltrate websites, online stores, payment companies, and banks to steal consumer data for fraud, identity theft, and worse. Moreover, the endless string of breaches fuels a black market of looted data, where the leaked or stolen data is being sold to the highest bidder.

In short, the picture isn’t rosy.

Consumers and businesses both have to implement necessary measures to protect sensitive assets. To help, we’ve created this comprehensive guide to help you understand data breaches, how they occur, and how you can minimize damages in the event of an actual breach.

What Are Data Breaches Anyway?

A data breach is an unanticipated event where a third party—be it a person, company, or government—gets unauthorized access to your data and information assets.

The European Union General Data Protection Regulation (GDPR) defines data breaches as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.”

Data breaches are practically the new epidemic. In the United States alone, the total number of data breaches reached 1001 cases in 2020. Hackers use the stolen information to gain further unauthorized access to accounts, run ransomware attacks, steal money, or simply sell the data on the black market.

The only good thing to come out of these huge numbers is that businesses and governments are now finally taking digital security seriously, where they’re researching and investing in a more robust digital infrastructure and implementing more security improvements.

How Does a Data Breach Happen?

Here’s a shocker: Several data breaches could’ve been prevented by following simple cybersecurity best practices.

Contrary to popular belief, data breaches aren’t the evil genius of highly skilled thieves. Most of them result from hackers finding (and exploiting) basic security vulnerabilities in a system, making it easier for them to steal data.

There can be a host of factors that leads to a data breach. Here are a few of the most common ones:

Presence of Vulnerabilities

Handling any vulnerabilities in your IT infrastructure ASAP should be your top priority if you want to protect your assets from cyber attacks.

Even a minor security gap in a critical system can do severe damage if hackers exploit it in the right way. Therefore, you must do your best to cover the security gaps before they pose a serious risk.

Installing vulnerability scanners, for one, can be a great first step to identifying whether you have any vulnerabilities present in your system.

Password Mismanagement

You need a strong password, and no, a simple 123456 isn’t going to cut it.

Weak passwords or stolen passwords are the most common reasons for data breaches. It’s why you need originality and complexity in your password, rather than using phrases that a program can easily crack.

People avoid setting strong passwords as they think they’ll end up forgetting them and because accessing accounts will become slightly more complicated. While it’s true that gaining access to your account may not be as easy when you have a complicated password, it’ll be the same for hackers who are constantly on the lookout for ways to gain access to your personal data.

Multi-Factor Authentication (MFA) is another excellent measure that adds a protective layer around your assets to protect them if you have a weak password.

You should also manage the physical security of your passwords and files stringently. Writing passwords on a sticky note at your desk or creating a notepad of all your login credentials come under password mismanagement, which can put you and your company at risk of a serious data breach.

Malware Occurrences

Malware is a malicious software program deployed in a system or application with known vulnerabilities.

The different numbers and types of malware make it a common factor in a data breach. It can be anything—a program that tracks your activity or a ransomware attack that locks you out of your own software program until you pay a ransom to re-access the data.

Malware is also difficult to detect. Hackers can camouflage it from antivirus software by making small modifications in the malware program before injecting it into your system or application via phishing attacks or by using exploit toolkits.

Mishandling Important Hardware

Mishandled data-carrying hardware, such as laptops, CDs, hard drives, or even printed material, is another common cause of a data breach. Hackers can steal these devices to access the data or information stored.

Of course, thefts of such kind are opportunistic and unpredictable. It’s why you should do your best to manage your data-carrying devices with care and encrypt them to prevent the data from getting into the wrong hands.

Insider Accidents and Threats

You can have an insider who accidentally exposes critical data and reports or a malicious insider who reveals the data and information intentionally and without authorization for personal gain.

Both can be a nightmare for your company.

Disgruntled employees or employees who leave your organization on poor terms are your biggest threat. They may try to leak sensitive information that could be beneficial to your competitors in exchange for money or to harm your company’s reputation.

Luckily, you can use data loss prevention software tools to prevent willful or accidental data breaches caused due to insider threats.

Now that we’ve covered the common reasons for a data breach, let’s take a look at some of the significant data breaches that compromised the information of millions.

Data Breach Example 1: Equifax

  • Number of People Affected: 147.9 million.
  • Data Compromised: Names, Social Security numbers, addresses, driver’s license numbers, birthdays.

On September 7, 2017, one of the largest consumer credit reporting agencies, Equifax, suffered a data breach that exposed about 147.9 million customers, making it one of the most alarming data breaches in United States history.

The breach was caused due to an application vulnerability on one of their websites. According to experts, inadequate system segmentation made lateral movement easy for the attackers during the breach.

In the breach, personally identifiable information (PII) like birthdays, social security numbers, and addresses of over 143 million users were compromised. It also exposed the credit card information of around 209,000 consumers.

The number increased to 147.9 million in October 2017.

Data Breach Example 2: Marriott International

  • Number of People Affected: Approx. 500 million.
  • Data Compromised: Names, addresses, date of birth, passport numbers, phone numbers, encrypted credit card numbers.

Marriott International shook the world when it announced that attackers had stolen data on approximately 500 million customers in November 2018.

The breach initially occurred on systems supporting Starwood hotel brands starting in 2014. Unfortunately, the hackers remained in the system long after Marriott acquired Starwood in 2016. What’s more, the attackers were not discovered until September 2018.

The hackers stole the contact information, passport number, Starwood preferred guest numbers, and other personal data of past and current guests.

The credit card numbers and expiration dates of more than a hundred million customers are believed to be stolen as well. Marriott is uncertain whether the hackers were able to decrypt the encrypted credit card numbers.

How to Handle a Data Breach Effectively

In this section, we’ll discuss how you can mitigate financial and reputational damage if you do get breached. From careful strategizing to assessing breaches to finally fixing the problem, there’s so much you can do to minimize damages.

Step 1: Have a Strategy in Place

If you plan on responding to a data breach after it happens, you’re in for a lot of trouble.

Just like you assess and consider other risks like fire, severe weather, or theft, cyber-attacks should also be on your agenda, where you plan for them as part of your business continuity strategy.

A post data breach event, for instance, should consider a number of issues, such as:

  • Notifying customers and making public announcements
  • Assessing the scope of the breach
  • Taking care of legal procedures to report the event
  • Getting in touch with your insurance agent and carrier
  • Communicating with the board, customers, media outlets, and so on

You should have a clear framework where every employee knows which aspect of the plan they‘re responsible for. For example, you can have one person inform the insurance provider of the information they need to provide in case of a data breach, and another formulate the official statement announcing the breach.

Other departments, including IT, public relations, HR, legal, and operations, should also be a part of your data breach strategy.

Knowing how you respond to a data breach in advance will help you save time and money and ensure faster recovery to minimize damages.

Step 2: Carefully Evaluate the After-Effects of the Data Breach

If you are breached, you and your team should immediately pull their socks up and analyze the extent of the data breach and if your systems are still under any threat.

All your data should be categorized in a way that makes it easy to determine whether personal information, such as medical records, financial information, and Social Security numbers were compromised. Doing this will allow your company to accurately and quickly notify customers about what happened and how they were affected.

Step 3: Work On Fixing the Problem

You can use external resources for more guidance and assistance in managing a data breach. For instance, you can have an attorney or a data breach coach experienced in security and privacy compliance issues.

You can use their experience and expertise to develop a communication strategy surrounding the incident, like when and where the breach occurred and what actions are being taken to recover. While you’re at it, make sure you also document expenses, such as time spent recovering and estimates for the total cost of remediation.

All these efforts together will help you secure your company’s data network and refine internal and external communications plans. You can also use them as evidence if the data breach results in a legal battle.

Step 4: Assess and Examine Your Systems Thoroughly

At this stage, you’ve determined how, when, and where the data breach occurred.

Your IT staff should next work to fix patches or eliminate loopholes and security gaps to get your system back on track. Systems must be tested (and retested) thoroughly to identify process gaps and confirm that all sensitive company and client data are actually secure.

Step 5: Learn From Past Mistakes

Now it’s time to learn from the data breach and ensure the same mistakes aren’t repeated—ever.

Once your system is patched with all security eliminated, you should create awareness within your company and encourage employees to adopt cybersecurity best practices.

Here’s a list of security measures that you can take to prevent data breaches in the future:

  • Hire a cybersecurity specialist to educate employees about best practices
  • Monitor your IT infrastructure
  • Implement role-based access control to protect your data from unwanted exposure
  • Secure all endpoints in your IT infrastructure to prevent any accidental security breach
  • Maintain a backup of all your data
  • Evaluate third-party vendors, and work with those who match your cybersecurity standards

Incredible companies use Nira

Every company that uses Google Workspace should be using Nira.
Bryan Wise
Bryan Wise,
Former VP of IT at GitLab

Incredible companies use Nira