The worst data breaches you didn’t know existed

No business or organisation is immune from data interception and theft. In 2018, the UK Government’s annual Cyber Security Breaches Survey found 43% of businesses experienced a cyber security breach or attack in the last 12 months, but only 27% have formal policies covering cyber security risks.

Recent high-profile data breaches from the likes of British Airways, Marriott and Facebook – giants of the business world – are vulnerable to data theft. For even the smallest businesses, data security should be a priority. Here are some of the worst data breaches you didn’t know existed – and how to use information security management processes to prevent them.

Website breaches

For many businesses, your website is one of your primary assets, so it’s important to arm it with premium protection. Website breaches can be devastating and can include denial-of-service (DDoS). Attacks where hackers make a site unavailable by flooding it with spammy traffic until it crashes. This blocks access, and the domain can fall subject to ransomware. A preventative action against this is a sophisticated firewall.

Platform or web application vulnerabilities

Are you sure any portals to your website and supporting applications are secure? This includes platforms like WordPress, Shopify and HubSpot, among others. Advanced Persistent Threats (APTs) slowly break into a network in waves so they avoid detection. Firewalls work to protect you, and it also helps to block known threats using blacklists. If the threats are unknown, however, whitelist security policies are appropriate. Ensure your data is encrypted and perform regular system cleans to weed out any threats in their infant stages.

Misconfigured cloud services

External storage services like Dropbox and Google Drive have stored away from your hardware on ‘the cloud’, providing another barrier against viruses that attack your computer and network. However, they’re not completely secure and are still subject to their own vulnerabilities and malware. Cloud workload protection, for example, uses AI to spot faults in cloud systems and rectify them. It’s also well worth having multiple data backups if you lose some of your data.

Failure to identify and manage assets

Having unmanageable or lost assets can leave them vulnerable to impersonation, phishing, or even inside attacks! Make sure your access privileges are controlled and have inbuilt security measures like multi-factor identification: maybe security measures like a thumbprint or facial recognition are appropriate for your organisation.

Theft

While you may think your virtual security barriers are intact, what about your physical ones? Data thieves don’t just hack from a laptop in a basement a hundred miles away; assets like USBs and hard drives can be physically stolen, breaching the data security of your employees and customers.

Bringing together these measures may seem like a hugely insurmountable task, but a sound information security management process isn’t a distant dream. ISO 27001 is the go-to for establishing a watertight data security management system, providing you with the framework and guidance you need to remain up-to-date with the latest trends in cyber security. Find out more about ISO 27001 here.