When we hear about a data breach, it’s always the “other” company. We think it will never happen to ours until it does. No company anticipates a data breach occurring. It comes as an unfortunate surprise, and all you can do is take preventative action.
Two important factors to eliminate the risk of serious damage to your business, staff, clients, and reputation are:
- Eliminate: Remove vulnerable entry points through which data can be stolen.
- Be Prepared: Since data security is never 100% guaranteed, always be prepared to respond to a data breach so you can reduce the damage and recover quickly.
Below are examples of two companies that experienced a data breach in 2022 and the lessons we can learn from them.
1. Community of Hope DC
Community of Hope’s mission is to improve health and end family homelessness in Washington, DC.
On February 7, 2022, unauthorized access to an employee’s email account was discovered when the employee saw that spam messages being sent from the account. COHDC immediately secured its environment and began an investigation.
COHDC used the services of an independent cybersecurity expert to help find the cause and determine whether any personal information was accessed. Law enforcement, the Department of Health and Human Services Office for Civil Rights (OCR), and affected individuals were notified.
What Can We Learn?
Email can be vulnerable to a data breach, especially during the sending and receiving process. Protect the information in your emails by:
- Keeping business and personal email accounts separate.
- Changing your password regularly and using a variety of letters, numbers, and characters each time.
- Turning off the auto-resolve function that fills in a suggested email address as you type, since this could result in sending the email to an incorrect address.
- Reducing an email forward or reply to its pertinent information to avoid forwarding embedded objects, attachments, or sensitive information unintentionally.
- Watching for phishing emails. Take the time to carefully check who the email is from and check the destination of each link by hovering over it with your mouse and looking at the link preview.
- Using a robust virus screening software to scan incoming emails.
How to Tell When Your Email Has Been Compromised
- Your password has been changed without your knowledge.
- You receive a large number of unexpected emails.
- Your “sent” box shows emails that you have not sent.
- Your clients or friends tell you they are receiving spam from your account.
- Your server log shows logins from an unknown IP address.
- Your stolen data appears online in a public forum.
2. Cash App
Cash App is a mobile payment service available in the US and UK that allows users to transfer money to one another using a mobile phone app.
In April 2022, a former employee with an axe to grind downloaded customer information from its servers, including customer names, stock trading information, account numbers, portfolio values, and other sensitive information. Fortunately, no account credentials were stolen and the hacker only stole a limited amount of identifiable information.
What Can We Learn?
Sabotage by a disgruntled employee can be one of the single most destructive attacks on an organization. In fact, Verizon’s 2021 data breach report indicated that insiders, such as current and former employees, are responsible for around 22% of security incidents.
Here’s how to protect your information:
- Revoke access to internal systems and change passwords immediately when an employee leaves your company.
- Institute restricted systems permissions for all employees so that no staff member has access to any information they do not need in the course of their job. If job responsibilities change, permissions should be reviewed and updated as needed.
- Have a security incident response team ready to respond in case of a data breach.
- Keep up-to-date backup files going as far back in time as you can. Store one copy in the cloud and one copy in a secure, offsite media vault.
- Utilize data encryption.
- Contract employees should use temporary accounts.
- Remove inactive or stale accounts.
Using the services of an offsite records management company will also help your organization maintain a secure environment from both external and internal data breaches.
Pacific Records Management provides secure records and information management services in California’s central valley. For help protecting your data, call us at 800-685-9034 or complete the form on this page. Our friendly experts are standing by to help you prevent a data breach.