In 2022 alone, companies such as Microsoft, CashApp, GoodWill, GiveSendGo, and even Crypto.com suffered earth-shaking Data Breaches. Let’s take a shallow dive into some basics and a few dirty details of each before we cliff jump into the nitty gritty: learning from these mistakes and ensuring we can defend and protect our businesses.
What is a Data Breach?
Simply put, a Data Breach is a violation of security. More specifically, it is when info is stolen or taken from a system without the knowledge or authorization of the system’s owner. Any company, small or large, can be vulnerable to a Data Breach. The stolen data may involve sensitive, proprietary, or confidential information such as credit card numbers, personal customer information, trade secrets, or even matters of national security. The repercussions of such an attack can be minimal, but at worst they can wreck entire companies.
Major Data Breaches in 2022
1. Microsoft
Because Microsoft is a monster company, a Microsoft Data Breach has the capability to affect a majority of the population. Thankfully, the most recent one, in March of 2022, was not a worst-case scenario. While the hacker group Lapsus$ did breach the company, including the compromise of several Microsoft projects like Bing and Cortana, it appears no customer data was exposed. There has been talk about a possible political agenda behind the attack, but Lapsus$ maintains that the attack is just your typical money heist. Sarcastically speaking, whew! Good to hear. All in all, this breach has not had the tragic consequences that a company so widespread and dug in could have encountered.
2. CashApp
CashApp, a stock trading app run by Block, which is owned by Square Trading Systems, was exposed when a former employee downloaded corporate reports after leaving the company. This is a different type of Data Breach than the one we learned about with Microsoft. No cyber attack “companies,” if you will, but a sketchy or undertrained employee within the CashApp internal world was at fault for this oopsy. Block revealed the data exposure in a regulatory meeting and then contacted the affected customers. The exposed data involved only users of Cash App’s investing product, not the person-to-person payment service with roughly 44 million users. This could have had disastrous backlash but, as of now, has not. The company has assured the public that ongoing security measures are being implemented to prevent this in the future.
3. GoodWill
Nonprofit Goodwill experienced a Data Breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform. The attack disclosed contact information including first and last name, email address, phone number, and mailing address. Thankfully, no payment information was disclosed as ShopGoodwill.com does not store credit card numbers. Although the site vulnerability has since been repaired, customers’ feelings of security with the company took a sizable hit.
4. GiveSendGo
Hackers once again leaked data on donors to the Freedom Convoy fundraiser hosted by the crowdfunding website GiveSendGo. The initial security issue was reported on Feb. 12th and the information on the breach was spilled. Private documents such as passports and driver’s licenses were able to be viewed by hackers. Not a good look for any company. GiveSendGo co-founder Jacob Wells ignored good Cyber Security Practices and allegedly called the issue “fake news.”
Here is the outcome of that silly approach: A mere two days later on Feb. 15, an even more detrimental leak revealed the entire donor history of every person who had ever used the company. Everyone. Ever. Also not a good look for any company. Especially when the world found out that credit card info, while limited in nature, was also visible during this attack.
5. Crypto.com
Being the newest and latest rage in investments, cryptocurrency has only a few top dogs for trading platforms so far. On January 17th of 2022, Crypto.com experienced a serious Data Breach and nearly 500 customers’ crypto wallets were targeted. Even though the blockchain is a relatively secure transaction method, the attackers used a simple technique to gain access to these wallets. By circumventing the site’s two-factor authentication system, the thieves nabbed $18 million of Bitcoin and $15 million of Ethereum. Yikes… Crypto.com representatives weren’t so forthcoming in their initial description of the hack but later rectified the situation and reimbursed the customers’ losses.
Why Data Breaches Devastate SMBs
SMB Data Breaches and Cyber Attacks may not flood the headlines, but they comprise the vast majority of incidents. In fact, 43% of all breaches target small businesses. Sixty-one percent of SMBs experienced Cyber Attacks last year alone, with varying levels of damage and an average of nearly 3 million dollars of loss per incident. Twenty-five percent of SB owners lose business after an attack and, more staggeringly, 60% of SBs lose their company altogether. Since more than half take 24+ hours to recover their daily activities, putting in place a solid, experienced, and professionally executed Cyber Security Plan is crucial. This truly is vital to protect what you’ve built. No one relies on the school janitor to successfully repair an underground plumbing leak, right? Don’t place your financial future in the hands of anyone less than a professional.
Importance of Cyber Hygiene Best Practices
Just as regular maintenance and inspections are essential to extend the life of your vehicle, good Cyber Hygiene helps maintain your digital safety and security. By regularly reviewing your online accounts, software solutions, and online habits, you’re ahead of the game in Data Breach prevention. Other ways to stay up to date with good practices are installing antivirus and anti-malware software, scanning for viruses, using firewalls, and updating apps, web browsers, and operating systems regularly on all devices. These practices may not be second nature yet, but they can easily be made habitual. Schedule time once a month to review, assess, and do what is necessary to maintain your Digital Safety until this becomes routine for you and your family members. Just as hand washing and teeth brushing protect your physical health, good Cyber Hygiene protects your digital health. Prevention is key! Let’s find out exactly how this is done.
Data Breach Prevention
While there are plenty of things you can do and software to help you, preventing Data Breaches starts with 5 simple concepts. These 5 concepts build good Cyber Hygiene techniques into your day-to-day functions and significantly reduce your risk of Cyber Attacks. Here are the 5 concepts for Data Breach Prevention:
- Limit access to most valuable data – By limiting who is allowed to view certain documents, you narrow the pool of individuals who may accidentally click on a harmful link. You also keep the pool smaller and customized for those who specifically need access to this data. If a Cyber Security Breach DOES occur, the number of possible culprits is minimized. Some companies entirely refrain from saving any high-risk info, such as credit card numbers. This takes Cyber Security to a much higher level.
- Cyber Hygiene Training – You can never have TOO much education! If this article is sounding foreign to you, chances are you need additional training and assistance in order to prevent, recognize, or recover from a Cyber Security Breach. Here are some concepts we cover in our Cyber Security Awareness Training programs:
  - Threat Identification Training
  - Disaster Recovery Planning & Data Backups
  - Risk Management & Mitigation
  - Compliance Protocols
  - Featuring our Cyber Hygiene Academy!
- Update software regularly – This is key. Your network becomes vulnerable when programs aren’t patched and updated regularly. This may be the most cost-efficient & simplest method to prevent Cyber Attacks.
- Consistent auditing and reevaluating – As you can imagine, the methods of cyber hacking constantly change as the modes of preventing them become smarter and stronger. It only takes one savvy criminal to learn the ‘get around’ for even the most recent and effective prevention software. Minimize your risk by auditing your systems, keeping up with the latest and greatest tech, and upgrading the outdated. Audit again. Reevaluate again. Rinse and repeat.
- Use difficult-to-decipher passwords and change them regularly – YES. The good ole’ OG of all digital attack prevention. And it still sits on the throne as the most effective and first step to ensuring your private info stays exactly that. PRIVATE.
Protecting Your Data with OQP Solutions
Now that you have the skinny on threats and dangers of Data Breaches, what are you going to do with it?
Chances are, you’re in one of these categories or most likely part of both if you run your own business:
- You own a company that holds the ultimate responsibility of protecting data
- You’re a regular everyday customer just trying to get your shopping done, join a discount program, etc.
At the end of the day, this is about protection.
Protect yourself. Protect others. Protect your company.
Take precaution. Use common sense and educate yourself, family members, coworkers, etc., on best Cyber Hygiene practices. Research new methods. Keep up on the recent Cyber Attacks and learn how NOT to become the next news headline. Good luck. Stay Cyber Clean, my friends.
If you would like to review your Cyber Security practices/policies/systems, contact OQP Solutions to set up a consultation!