Oh, data breaches. With every passing day there is another story in the tech news, and often even mainstream news, bringing to light a breach that exposed the personal data of thousands, if not millions, of users, as well as the vulnerability of the organisations that should have been keeping it safe.
If daily sounds a little extreme, why not do an experiment with us? Type “data breach” into Google News and see how many news stories pop up. For example, a recent news story detailed a recruitment company data breach in which one person’s private information was leaked without her knowledge. Whether they report new breaches or new information on the damage from old ones, data breach stories are now daily news.
First biometric data breach
At the time of writing, for example, news broke of the first biometric data breach to ever occur.
That’s right. Suprema, a biometrics security company, was found to have facial recognition records, fingerprints, log data and personal information on “a publicly accessible database,” exposing the records of millions of people. But they’re not the only ones.
As of mid-2019, Risk Based Security reported that 3,800 data breaches had already occurred, resulting in the exposure of 4.1 billion records. The report, unsurprisingly, found email and passwords to be the top two culprits for the breaches, making up 70 per cent and 65 per cent respectively.
While the endless news of breaches is enough to make everyone wonder if data security is actually possible, there are lessons to be learned from the data breaches of the past, in the hopes of reducing them in the future.
Introduce an IT security policy, and stick to it
Too often, small businesses fail to put IT security policies in place, and large organisations fail to follow theirs as strictly as they should.
In the case of Suprema, Instagram, Facebook and numerous others, following an IT security policy that forbade staff from putting information on publicly accessible databases or servers would have been all it took to stop the breaches that went on to risk the records of millions of users. Data governance consulting services can also help control sensitive data that is accessed and managed by different parties. They can provide comprehensive support for monitoring activity to discover human errors and risks that could turn into breaches.
Time to take control and safeguard against human error
It’s time for businesses to acknowledge that passwords are inherently flawed, and it should be assumed that they are breachable. With hacking tools as sophisticated as they are today, any hacker that wants your password can get it. Unfortunately, passwords aren’t going away any time soon; however, the way they are used and secured needs a massive overhaul to give you at least half a chance. If you are still relying on “complex passwords”, you are looking for trouble.
Look into multi-factor authentication solutions to add an extra layer of protection to passwords and minimise the risk of breaches as a result of weak passwords amongst staff. Replace passwords entirely if you can. People are not capable of remembering the complex configurations that most organisations expect of them, so keep things simple. It should be the responsibility of the business to ensure they are secure, not the responsibility of the staff.
The most common theme underpinning data breach stories is that human error occurred and someone took advantage. It is worth, in that case, considering a drastic tightening of protocols. Don’t pass blame around staff when measures could have been put in place to safeguard against the risk of human error. Making things easier for users tends to promote co-operation with policy; the harder it is, the more they will resist.
Data breaches – where to find out more
To find out more about the flexible, scalable solutions that can defeat outdated, traditional password authentication methods, read our Solutions page. Or please get in touch with Authlogics to discuss how we can help protect your business from data breaches.