It seems like every other day we hear about a data breach impact millions or even billions of user accounts. For instance, the Yahoo! data breach, which is the largest data breach of the 21st Century, impacted over 3 billion user accounts.
Despite the fact that breaches have become daily news, many people don’t know how they happen.
4 Ways Data Breaches Happen
1. Spear Phishing
Spear phishing is a targeted email to that appears to be from a trusted individual or source. Common forms of spear phishing include CEO fraud, malicious attachments, and some even include forms of ransomware.
What Can You Do?
Always do your best to ensure an email comes from a trusted source, don’t click on any links or download any file attachments that seem suspicious. If you have any concerns, don’t click on anything and immediately report the email to your IT department or company.
2. Stolen Credentials
Stolen credentials simply mean that someone’s username and passwords got exposed, and many times it leads to additional accounts being exposed. Just one stolen passwords can lead to millions of more accounts being compromised.
What Can You Do?
Always create the strongest passwords possible and create a required policy for all passwords in your organization. A strong password generally consists of at least 8 characters, upper and lower case letters, and special characters. Also, don’t use personally identifiable information in your passwords like your name, birthdate, etc.
3. Unpatched Vulnerabilities
Devices become more vulnerable to attacks when the proper updates and security patches aren’t put through. This allows cybercriminals to identify backdoors that are wide open allowing for easy access.
What Can You Do?
Follow the policy and procedures set by your IT department to ensure your devices are updated.
*Did you know that Microsoft is ending support for Windows 7 on January 14, 2020*
After this date, Windows will no longer be sending updates and security patches to Windows 7 devices.
4. Human Error
Generally, human error is the cause of most data breaches. We can’t stop hackers from sending phishing emails, but we can do a better job identifying spam emails and not clicking on bad links or attachments.
What Can You Do?
At Cyber Riot, we offer Cyber Security training designed to help your employees identify different types of cyber threats.