People often don’t realise just how much data is stored on their websites. Even small, simple websites often have login information or contact form data stored on them, which can often include private details like phone numbers or email addresses. eCommerce sites have a lot more sensitive data to worry about – order and customer info including addresses, and sometimes even payment information!
Websites can be breached in a number of different ways; but the most common breaches are easily preventable. Most websites these days are made up of a number of different software packages, and if an exploit is discovered in any of them then cybercriminals will use this to their advantage to break into your website. The Heartbleed exploit in 2012 is thought to have seriously compromised over 500,000 websites, and that was just the most reported-on exploit that year, there are many exploits discovered and patched every month!
So what can I do? Talk to your web developer. Make sure there is solid policy in place for keeping the website up to date, and know what data is being captured and stored on the website.
We’ve already covered malware and infections, which can be transmitted through email, but there’s a more insidious, harder to detect method of stealing customer data via email: spear-phishing.
Spear-phishing is a criminal social engineering technique to steal data or money from an individual or company, or to infect the company with a virus. It’s an extremely common and effective attack; a 2016 study found that 91% of cyberattacks begin with a user clicking on a phishing email.
Now, antivirus and firewalls may well spot emails that lead to infectious links or the like, but what about an email simply saying:
Please send me our latest client database, I’m getting new flyers printed.
An email like this, customised to your company, can be startlingly effective. With tricks like using an email address similar to yours, the cybercriminal can make emails like this very convincing; and given it doesn’t feel like money is changing hands or there is any risk of infection, your employee’s guard isn’t up.
How do I prevent this? Employee training is vital; they need to know what can and can’t be released from the company, and to who. But the risk can be heavily reduced with some email management tools that clearly show your employees whether an email is from you, or someone pretending to be you.
This way of losing sensitive data is often overlooked or forgotten, with disastrous end results! When a laptop, computer, or phone dies, what do you do with it? Some businesses have IT recycling companies on contract who dispose of the device correctly, but some just throw out their hardware, and that’s where the problem lies! There is a subset of criminals that root through improperly disposed-of hardware looking for hard drives, and steal data from your thrown-out machines!
What do I do? Fortunately, this problem is easily solved. In fact, there’s a number of regulations regarding how you dispose of computer hardware that for most companies this won’t be an issue at all, but it’s important to just remember that hard drives don’t stop working just because the rest of the computer has!
To Sum Up
You have a lot of sensitive data, and it is probably stored in many different locations. A breach can cost you millions, to say nothing of reputation damage, so keeping control your data is a priority.
Your data is worth a lot, so cybercriminals will stop at nothing to steal it. You’ll come into contact with viruses every day, so you have to protect your systems and email. Your employees are carrying around devices with sensitive information on them, so they should be just as well protected as your office network. Your website and old hard drives probably have sensitive data to keep track of too!
All this can seem a little overwhelming, but with some preparation in advance you can rest easy knowing your data is safe and protected.
If you’re interested in anything we’ve talked about above, call us on 01342 333000 or email [email protected]