One of the best ways to improve is to learn from others’ mistakes. The good news is, with cyber security, there’s no shortage of curriculum.
Looking at the last year alone, we’ve seen devastating cyber security attacks and data breaches that affected millions of Americans. The healthcare industry, the federal government and one of the country’s largest financial service providers were targeted, illustrating that all companies that use a computer, cell phone, tablet or other digital device are at risk.
So let’s put the pages of history to use and learn something from them, shall we?
Healthcare
Three cyber attacks in 2015 underscored the vulnerability of the healthcare industry. Premera BlueCross BlueShield took a hit when hackers stole data from 11.2 million subscribers. Social Security numbers, bank account information and addresses were leaked, along with medical information that put victims at risk of insurance fraud.
BlueCross BlueShield was hurt again when hackers illegally accessed Carefirst information. Although names, birthdays and email addresses of over one million members were compromised, Social Security numbers and medical information were protected by password encryption.
That wasn’t the case for Anthem. The Wall Street Journal reported that 80 million unencrypted patient and employee records at Anthem were compromised in a data breach.
The lesson: Millions of victims, three large companies and one vulnerable industry can teach us at least one thing for the coming year: encryption is vital to the safety of your data and digital documents. It was a factor in Premera, the largest reported breach involving patient medical information, and Anthem could have protected sensitive information if it had implemented encryption. Carefirst showed that even simple password encryption can be an effective step to mitigate risk.
Government
When a contract employee transferred data to a non-accredited third-party data center, private information of 850,000 Army National Guard employees was exposed. Although the incident was not considered a hack because the leaked information wasn’t used unlawfully, it made information of many government officials vulnerable.
In an attack made public in early June, the Office of Personnel Management (OPM) suffered one of the largest cyber attacks in history when hackers accessed the personal information of current and former government employees. More than 5 million fingerprints were stolen along with the Social Security numbers and addresses of 21.5 million people. As a direct result of the attack, OPM deployed a two-factor authentication policy that had previously been neglected because it required a full code re-write for the outdated system.
The lesson: If the federal government is at risk, we all are. Two-factor identity authentication is a proven method to mitigate the risk of a cyber security breach. Don’t be annoyed when you have to answer your mother’s maiden name or enter a code that was sent to you via SMS – steps like these can go a long way in avoiding some of the most destructive data breaches of the year. Also, an investment in current operating systems that integrate with innovative security can save time and money in the long run. Nobody wants to be the subject of a headline that says, “White House orders government IT to do what it should have done in the first place.”
Financial Services
In October, Scottrade revealed that hackers accessed the private information of 4.6 million clients. The incident could have been worse—only names and addresses were leaked—but the deeper issue was the company’s lack of awareness. The attacks occurred between 2013 and 2014, but Scottrade didn’t know its data had been compromised until federal authorities uncovered the issue this year.
The lesson: It’s impossible to fix a problem you don’t know about. With e-signatures in particular, tamper-evident technology alerts signers to any changes that are made after a document is signed, which can help detect fraud. Audit trails can also help identify foul play, because they track each time someone opens, sends or signs a document.
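Both mechanisms described above, a tamper-evident seal over a signed document and an audit trail whose entries cannot be silently altered or removed, can be built from a keyed integrity tag and a hash chain. The following is an added example, not code from the original post or from any e-signature vendor; it uses an HMAC as a stand-in for a real digital signature (a production system would use a public-key signature so that verifiers do not need the signer's secret), and the document text, key and actor names are constructed sample values.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first audit entry


def seal_document(key: bytes, document: bytes) -> str:
    """Integrity tag over the exact signed bytes. Any later change to the
    document, even one byte, produces a different tag."""
    return hmac.new(key, document, hashlib.sha256).hexdigest()


def verify_seal(key: bytes, document: bytes, tag: str) -> bool:
    return hmac.compare_digest(seal_document(key, document), tag)


class AuditTrail:
    """Append-only log. Each entry commits to the previous entry's hash, and
    each entry carries a keyed tag, so deleting, reordering or editing an
    entry breaks verification."""

    FIELDS = ("seq", "actor", "action", "doc", "prev")

    def __init__(self, key: bytes):
        self.key = key
        self.entries = []

    def _hash(self, body: dict) -> str:
        payload = json.dumps({k: body[k] for k in self.FIELDS}, sort_keys=True)
        return hashlib.sha256(payload.encode()).hexdigest()

    def append(self, actor: str, action: str, doc_id: str) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "actor": actor,
                "action": action, "doc": doc_id, "prev": prev}
        body["hash"] = self._hash(body)
        body["tag"] = hmac.new(self.key, body["hash"].encode(),
                               hashlib.sha256).hexdigest()
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev:
                return False            # entry removed or reordered
            if self._hash(e) != e["hash"]:
                return False            # entry contents edited
            expected = hmac.new(self.key, e["hash"].encode(),
                                hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, e["tag"]):
                return False            # hash forged without the key
            prev = e["hash"]
        return True


def demo() -> tuple:
    """Constructed scenario: sign a document, log the workflow, then tamper
    with both and show that each tampering is detected."""
    key = b"constructed-demo-key-not-for-real-use"
    contract = b"Account transfer agreement: amount 1,000 USD"
    tag = seal_document(key, contract)
    seal_ok_before = verify_seal(key, contract, tag)

    # Post-signature edit: amount changed after the signer sealed it.
    altered = contract.replace(b"1,000", b"10,000")
    seal_ok_after = verify_seal(key, altered, tag)

    trail = AuditTrail(key)
    trail.append("alice", "opened", "doc-42")
    trail.append("alice", "signed", "doc-42")
    trail.append("bob", "sent", "doc-42")
    trail_ok_before = trail.verify()

    # Someone tries to hide the "sent" step by deleting the last entry
    # and rewriting the earlier "signed" entry as a mere "opened".
    del trail.entries[2]
    trail.entries[1]["action"] = "opened"
    trail_ok_after = trail.verify()
    return seal_ok_before, seal_ok_after, trail_ok_before, trail_ok_after


if __name__ == "__main__":
    print(demo())   # prints (True, False, True, False)
```

Verifying the seal tells you the document changed; the audit trail tells you who touched it and when, and its chain structure is what makes "we never had that record" an unworkable excuse. Detecting the breach that Scottrade missed for over a year is exactly the gap these checks are meant to close.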
Using cyber security measures like data encryption, two-factor identity authentication or tamper-evident technology doesn’t mean you have full immunity to an attack, but they will always reduce your cyber risk.
With these lessons in mind, is it time for you to make a New Year’s Resolution and improve your cyber defenses?
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.