Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). Click on a link in the message – then all hell breaks loose and you could find yourself cleaned out. The SnapChat breach was a phishing incident.
Hacking and hackers are most commonly associated with malicious programming attacks on the Internet and other networks. This results in many issues that may affect infrastructure and software.
“Malware” is an abbreviated term meaning “malicious software.” This is software that is specifically designed to gain access to or damage a computer without the knowledge of the owner. The recent Twitter data breach (June 2016) – 32 million Twitter login credentials are now being sold on the dark web – appears to be the result of hackers infecting browsers including Firefox and Chrome with malware.
Malvertising is the use of online advertising to spread malware. It involves injecting malicious code that can hide undetected. The user has no idea of the potential damage that can be caused. You can pick this up from a malicious ad on a trustworthy site.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Trend Micro researchers recently discovered an updated version of FLocker, an Android mobile lock-screen ransomware that’s capable of locking smart TVs as well. “FLocker will try to convince you that you’ve done something illegal with your TV and offer to let you get out of it by paying the ransom. Not in Bitcoin like most ransomware: this one demands $200 worth of iTunes gift cards.”
Stolen laptops, hard drives, etc. can be a treasure trove of unsecured data and information.
Exploitation of Accidental Release
This category of risk includes data spills, improper disposal of digital assets, and other accidents or employee theft.
Once they have access to the data, thieves use stolen data to:
- Misuse people’s identities
- Commit financial fraud – all forms and types
- Use stolen information to commit additional crimes
- Launder money
- Impersonate people for the purpose of stalking and harassment
- Perform terrorism activities
- Corporate and other types of manipulation
Once they occur, data breaches affect every aspect of your company and have a direct effect on many functional areas including legal, finance, IT, marketing, sales, and services.
What can you do to prevent data theft?
There’s nothing that will make you bulletproof. That said, with a few simple steps you can make some great strides in protecting your brand, your customers, and ultimately your reputation.
Here’s a handy to-do list for your review:
- Your critical first step: technical security. Review all your potential internal loopholes
- Conduct a comprehensive risk assessment to identify threats, analyze potential harm, and identify what reasonable mitigation efforts you would take in event of a breach
- Understand the legal landscape
- Implement policies and procedures consistent with the legal issues
- Update your anti-virus technology, and keep it updated
- Train your employees, to build safer data handling habits and awareness
- Develop a written information security program and incident response
- Periodically review the program to guard against new and evolving threats
- Understand clearly what your plan is to isolate and mitigate a threat(s)
- Require your vendors to employ best security practices
- Make those requirements part of your contractual language, and include penalties for non-compliance
- Make privacy a corporate mandate for adoption – create a data breach team, and give it the authority to make changes where necessary for safety and security
There are many companies and organizations that offer data breach services and information. The Online Trust Alliance has some tremendous information on how to keep yourself protected online and also offers some great insight on data breach awareness planning.
Remember, in our digital economy it’s not a case of “if” – it’s a case of “when” a breach will occur. As John Chambers, CEO of Cisco for 20 years, famously said: “There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.”