Most data breaches happen because of missed oversight or exploited vulnerabilities

Whenever we hear about huge data breach scandals like the recent Yahoo fiasco or the TalkTalk hacking, we think “how could this happen to such a large company?”

With large businesses and companies, one would expect them to be big and grand in all areas, including cybersecurity. In a shopping centre, you’d think the bigger the shop or the more expensive the items they sell would mean their security is stronger. However, realistically, these data breaches still happen to large companies because they don’t always prioritise their security.

To have strong cybersecurity, companies need to invest time and money to put in a good and up-to-date, robust security system that can withstand an attack. You wouldn’t have a thin plastic door to your diamond jewellery store; so why have poor cybersecurity? Very often, companies might have missed some small but obvious detail meaning the keen eyed hackers can find a way in.

What’s the use of a big heavy door if you don’t actually lock it?

Both Yahoo and TalkTalk have been breached more than once. Common sense would be to learn from the first time, up your security big time, and be vigilante in monitoring any further breaches. But no: Yahoo and TalkTalk were hacked again. The first hackings would have likely exposed certain vulnerabilities that companies should have patched up immediately. Leaving them open is like having a broken window but not fixing it immediately. If anything, it’s expected that someone will use that window of opportunity.

Carelessness

Cybersecurity expert Stephen Boyer spoke about these points in a recent interview regarding retail companies and their security ratings. The Co-founder and Chief Technology Officer of BitSight said that it really is the company’s own carelessness. They have an obligation to have “good control” and the key is to “monitor and protect”.

Continuing, he said companies, especially retail, need to:

“…not only look at their own systems but the supply chain and monitor and watch that very diligently.”

Cybersecurity is no longer something that online banking needs; anyone with an online presence must have it too. Even small companies have some protection. Boyer explains that all online retailers must adhere to data protection laws by installing at least basic credit protection if it uses customers’ online banking.

Consumers need to be keep an eye out too. When using the internet, be diligent of any unusual activity.

• When checking your emails, make sure they are from legitimate senders;
• Never follow instructions from emails telling you to resend bank details or anything similar. If in doubt, leave it;
• If you need to contact the sender, don’t click reply or use whatever number they give, google the official one and ask there;
• If something seems off, like the formatting or the font is not quite right, it could possibly be scammers;
• Make sure your usernames and passwords are unique and contain a mixture of letters, numbers and special character if you can. This makes it harder for hacking software to guess your password;
• Check your credit history regularly and ring your bank immediately if there are unauthorised payments being made or otherwise.

If there has been a breach and your personal information has been accessed, scammers may try to ring you and pretend to be authorised personnel by telling you your date of birth or address. Always ask questions to see if they are legitimate. Don’t be afraid of sounding rude by telling them you’re busy and you’ll ring them back soon after. Look up the company they say they’re from and call the official number listed there.

5 data breach trends that may grow in 2017

Whistle-blowers reveal Indian call centre scammers targeting TalkTalk customers following massive data breach