The past few years have seen a steady increase in major hacking incidents, with high-profile breaches at corporations like Target, Sony Pictures and Home Depot as well as the US government making headlines worldwide. These breaches compromised consumer credit and bank account information, personal correspondence and data such as Social Security numbers.
Big companies aren’t the only victims — hacking is on the rise at small and mid-sized companies too, and consumer identity theft is a global problem.
But why is this crisis reaching a boiling point now? Here are three factors behind the increase in data theft :
- Companies are conducting more of their operations online. The top reason for the rise in hacking incidents is the most obvious one: There’s more information to steal. Most companies conduct a significant portion of their operations digitally these days, including money transfers and storage of sensitive personal and financial data. Hackers know that if they can gain access to this treasure trove of information, they can use it or sell it for a profit.
- Hackers are using high-tech tools. It’s not only businesses that have automated key processes to save time and streamline workloads; hackers have built sophisticated malware to help them target companies and consumers. Today, cybercriminals can run automated scans of websites to identify vulnerabilities and gain access to data using dictionary attacks (word combinations to crack passwords) and keylogging (user keystroke tracking to access data).
- People value convenience over security. Hacking remains profitable because too many people don’t take security seriously. The investigations that follow major data breaches almost invariably find that employees or vendors had been careless with log-in credentials or used ineffective security practices. And as bad as the problem is for major companies and government agencies, it’s likely worse at smaller companies with fewer security resources.
So what can companies do to reduce their vulnerability to hacking attacks? The areas over which businesses have the most control are their online operations and employee security practices, so the best way to cut risk is to address those areas. At a minimum, employers should make sure their operating system and antivirus protection is up to date. Security software providers continuously scan for new threats, so it’s important to have the latest version of protection.
Employers should also make sure employees are using good security practices online. Companies can do this by making a review of safe online security practices a standard component of their orientation program for all hires. The company should also have formal security policies in place that address onsite and offsite device usage, and they should require staff to sign an acknowledgement to indicate that they understand and will abide by the company’s online security and data handling policies.
The formal security policy should also address passwords since weak passwords are frequently a point of entry for hackers. It’s a good idea to require employees to use strong passwords that consist of both upper and lowercase letters as well as numbers and symbols. Companies should also make sure employees change passwords every 30-60 days. A good password management solution might be the best strategy to implement such a policy since using complex passwords for every site and changing them frequently is a challenge for most employees.
The three major drivers behind the increase in hacking incidents aren’t going away anytime soon, so it’s smart for businesses to strengthen security in every way they can without losing the benefits of an increasingly cloud-based and mobile operating ecosystem. Stronger security training and policies can help. And a strong password policy is a must.
The important thing to remember is that company data is only as strong as the weakest link in the security chain. Companies that recognize this and actively work to reduce vulnerability will be in a better position to prevent a data breach — and avoid becoming a statistics.[su_box title=”About Bill Carey” style=”noise” box_color=”#336588″]
Bill Carey is Vice President of Marketing & Business Development at Siber Systems Inc., which offers the top-rated RoboForm Password Manager solution. Find out more about RoboForm visit HERE.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.