Data Security Standards: How to Prevent a Breach and Secure your Data
Decrease the Chances of an Attack Happening to You or Your Company
Kelsey Young, Copywriter and Media Specialist
7 Min Read
As technology advances, the more technology innovates our daily lives. However, this also means cyberattacks will become commonplace. It’s time to stop a moment and ask yourself, is your data protected? Is your business’s data protected, and therefore your clients?
Cybercrime increased dramatically in the last year and it is likely number will continue to grow in 2023. According to TechRadarPro weekly cyberattacks increased by 38% from 2021 to 2022. Part of this is due to the increase in virtual workspaces and work from home opportunities. But also, because 2022 saw an uptick in the number of cyber threat actors taking advantage of the pandemic’s disorganization.
Additionally, The United States alone saw a 57% increase in cyberattacks by the end of 2022.
Attackers specifically targeted education and healthcare organizations. Education because of how quickly they had to switch to online learning. Healthcare because of the sheer chaos they faced in the middle of the pandemic.
Data security continues to remain a top priority in 2023. Cybersecurity prevention is still considered the best practice on not just a corporate level, but personal as well.
The Human Element of Data Security
Who is the most vulnerable to data security breaches? The short answer is-everyone.
Cyberattackers want personal information they can use for ransom, or to sell to another party. They could also be after financial information to impersonate you online.
The unfortunate truth is that it only takes one person to fall victim to an attack. Just one person to let the cyber threat actor into a system protecting the data of thousands.
For an example, let’s look at the average educational institution. According to Public School Review, the average student population size for a United States public school in 2023 is 514 students. The average class size is 24. Rounding down, this school would have 21 classes with at least 21 teachers. Schools also have other professional staff such as counselors, paraprofessionals, teachers aid, librarians, administration and more. Adding all these individuals into the equation means the school could have data on 550 people or more if they have records on past students. Then you could take into consideration the contact information for every parent or guardian. Assuming each student has two contacts, that is an additional 1028 individuals with information in the school’s system.
Imagine one day, a teacher in the building receives an email from their principal about a change in schedule for their testing days. They are told to use the link included in the email to view the new schedule. They click the link in the email.
That moment, that single click, is all the cyber threat actor needs to access the system. That one person accidentally falling for a phishing attack now means the attacker has access to steal or encrypt precious data.
The same basic scenario can be applied to any business. It only takes one employee to open the attachment for a cybercriminal to breach your data.
Ways an Attacker Will Try to Get Your Data
Individuals with malicious intent who engage in illegal, unauthorized access are not always connected to some corrupt company or foreign government. They could be the neighbor kid who needs to earn a couple of extra dollars. Cyber threat actors can generate malicious codes to scrape information online, and then sell that code to others on the dark web.
Education is the first step in keeping your data secure.
The most common type of cyberattack is Phishing. Knowbe4, the world’s largest integrated platform for security awareness training, states these attacks can come in the form of emails or text messages. Phishing attempts to acquire sensitive information by impersonating a trustworthy source. They use bulk email to try to evade spam filters. This attack is like the example highlighted above.
Ransomware is the next most common type. This malicious malware locks users out of their devices or servers until a specific amount of money. This downtime affects productivity and could still result in the loss of intellectual property even after the ransom is paid. KnowBe4 also estimates that ransomware attacks occur every 2 seconds. KnowBe4 also predicts that by 2026 ransomware will have cost the world 71.5 billion dollars (about $220 per person in the US).
The defining thread with these data breaches is that they all contain a level of social engineering. Social engineering is a type of psychological manipulation. The attacker will pose as someone who has a perceived authority. This could be a person or an organization of title or standing. Either way they ask you to do something urgently. Have you ever received an email from your boss asking you to review information urgently, but the email sent from a personal email? What about a phone call about your car’s extended warranty?
These are both examples of attempts to breach data. Their intention is to spur a sense of urgency so you will not look closely at the details of their message. They just want their victim to act, thus falling into the trap.
Best Practices to Keep Your Data Safe
IT (Information Technology) professionals will tell you that there is no 100% foolproof way to keep your data safe. However, using best practices will decrease the chances of an attack happening to you or your company.
Individuals and members of your organization should keep up to date with the knowledge of how cybercriminals attempt to deceive. They should also be aware of techniques to protect themselves. Patience, education, and a healthy dose of skepticism will go a long way to prevent cyberattacks keeping yourself and others safe.
The single best habit you can practice is using Multifactor Authentication (MFA). Yes, that application that makes you confirm numbers on your phone, scan your saved biometrics, or sends a confirmation email. It’s not perfect, but it is better than having nothing at all.
Next, take password security seriously and follow the common advice of using a different password for each new login. Use a password manager like LastPass or Dashline. These add-on extensions can store the autogenerated password when you create a new account. When you do have to create a new password, consider using a passphrase. A series of unrelated words, numbers and symbols which do not logically belong together. It will be harder to crack.
To reframe this thinking, without either of these security measures, consider the following. You won hte lottery and you leave your winnings hidden in your sock drawer. Without an MFA or Password Manager, all the cyber threat actors face is one level of security, your locked front door. With both of these practices, you lock your money away in a safe that can only be opened with your biometrics. Then the safe is housed in a closet with a padlock. It would take someone a lot more effort to get to your money in this scenario, therefore deterring the criminal and keeping your data safe.
Third, best practice is to exercise caution. As explained earlier, these attacks are grounded in social engineering. If you receive an email that you think is off, don’t respond right away. Ask yourself if this is standard communication practice for this person or organization. Double check the email address or phone number. Look for small changes or divergence from company practice, such as extra numbers or punctuation. Do not click on a link or attachment before hovering your mouse over it. You will be able to see to what website the link will take you. Also, always use the mobile app or website to access your accounts, do not click on the link.
Finally, consult with the experts to educate yourself and your employees. Global Data Consultants, LLC (GDC) takes a proactive stance on security threat management (STM) that identifies and fixes the root causes of your vulnerabilities. GDC can help you make your network, systems, and data more secure. They can perform IT check and security assessments which will analyze your organization’s internal and external security landscapes. This can identify points of failure and generate contingency plans.
