Our digital business world certainly has its positive attributes, but you must protect your small business data. We can hold video conferences with clients across the country, or send documents to co-workers instantly no matter the time of day.
As long as we have wi-fi, our office can be anywhere.
That’s scary.
Unfortunately, as incredible as the technological advances are, it has become far too common to wake up in the morning and read about yet another massive data breach that disrupts a large organization with an important online presence, all the while disrupting the innocent and unsuspecting customers who use its service and leaving suffering in its wake.
This doesn’t just happen to big companies.
All it takes is one employee mistake, whether it’s an executive using the wrong Starbucks wi-fi or your assistant making the misstep of sharing his or her passwords. One simple slip can put your small or medium business at the top of the list for a security breach.
We at SDD want to minimize the risk of your employees falling victim to a security hack. Therefore, we’ve compiled the five worst corporate security breaches of all time, how they happened, and some important tips so this won’t happen to you.
Educate your employees about the latest phishing scams attempting to infiltrate your network. Use SSL certificates for your website’s transaction security. These act as padlocks to thwart identity thieves from stealing your sensitive information. Also, make sure you have the proper malware blockers installed on your network; these security systems protect your business from destructive viruses. And always keep your employees informed of the latest password rules and regulations for your business.
So please, read carefully and never stop working to keep your small business safe.
#5: eBay
The fifth on our list, the digital buying and selling giant, and one of the most widely used services in the history of the internet.
Here’s what happened. Targeted eBay employees were sent phishing emails, which are fraudulent messages appearing to come from legitimate sources, in attempts to get them to divulge sensitive information. When these employees clicked on the embedded link, malware was installed on the computer and the attacker gained control of their computers, eBay’s network, and all customer information.
What’s troubling here is that their database was hacked between late February and early March and the breach was not detected until May, allowing hackers access to eBay customers’ names, encrypted passwords, email addresses, registered addresses, phone numbers and dates of birth.
Within five months the hackers breached a total of 145 million user accounts. However, eBay and its users were all fortunate the hackers did not gain access to PayPal’s financial information, thankfully leaving customer purchase data safe.
Phishing attacks have become increasingly common in the business world and a key strategy for thieves to gain access to secure information. However, thieves are taking it one step further by using new social engineering tactics. The thief will send a phishing email to your employee, and then follow up with a phone call, making the interaction that much more believable. The call will always be used to persuade the employee to click on the link, which would install the malware.
If it can happen to eBay, it can happen to your business. At a minimum you should have an SSL certificate to protect your transaction activity and malware blockers installed.
For more information on keeping the digital side of your small business secure, please visit https://www.godaddy.com/web-security for a variety of different layers and tactics that can and will help identify and prevent your company from being breached.
#4: LinkedIn
Back in 2012, LinkedIn was the victim of an unauthorized access and disclosure of more than six million members’ passwords. The security breach gave hackers access to users’ email addresses, passwords and other information.
LinkedIn’s IT security responded immediately and required a mandatory password reset for all the accounts it believed were compromised. Not all employees complied.
Very shortly after the first breach, the LinkedIn security teams became aware of a second massive breach. Despite LinkedIn’s enhanced efforts to protect user passwords—called salting and hashing—the Russian hacker known as “Peace” was able to infiltrate LinkedIn’s system, which resulted in an overall breach of a staggering 117 million LinkedIn members.
Even though LinkedIn’s security and IT departments had taken major precautions by hashing and salting every password in their database, which means adding extra random data to each password and scrambling the result so it is not stored in readable form, the information was still accessed.
We suggest you do two things right away. First, visit a small business expert like https://www.godaddy.com/web-security for more information on how to properly protect your business and your customers’ digital information. Second, tell your employees to reset their passwords with some type of phrase only they would know and make sure they’re always on the lookout for phishing scams.
For your personal or business hardware and paper destruction needs, please visit https://sddestruct.wpengine.com/business-document-shredding/. We’d be happy to help.
#3: Myspace
While Myspace is no longer making headlines, breached user data never really dies.
In 2014, a large set of stolen Myspace username and password combinations was discovered available for sale in a dark web online hacker forum. Myspace tracked the information and was able to trace it back to Peace, the same Russian hacker who infiltrated LinkedIn the same year.
The original reports stated that there were more than 360 million accounts breached. Each record contained an email address, password, and in some cases, a second password. Security researchers stated that it was the largest data breach of all time.
Much like LinkedIn, the passwords were salted and hashed. Myspace’s security force confirmed that the breach had no effect on any of its other platforms, apps, subscriber information, or other media properties, nor did the leaked data include any confidential financial information.
A near-foolproof option for employees is to use more complicated passwords (like phrases only they would know), reset them periodically, and take advantage of password management tools like https://www.lastpass.com to help keep track of your logins.
For any additional questions, please contact us. We’d be happy to help.
#2: Yahoo
You may want to be sitting down for this one.
In sheer size, it’s the most widespread data breach in history. In 2013, it was first reported that email usernames and passwords of around six million of its account holders had been breached.
Yahoo’s PR and tech security teams swiftly dealt with the issue, notifying users with emails to change their login credentials.
At the time, Yahoo believed it had nipped the problem in the bud.
However, throughout the Verizon merger process in 2016, Yahoo discovered the security breach had affected every single user account that existed at the time. Not six million, but three billion users! Three billion, and the majority of those were not notified that their account was hacked.
The sad truth is that if you had a Yahoo account from 2013 to 2016, your account was hacked. Plain and simple. The names, email addresses and passwords of your and my email accounts were breached.
Yahoo still has not provided any information about the suspected hackers. They required multiple password changes and invalidated unencrypted security questions to protect user information.
Our tip to you: for any questions or concerns for your business, check out https://www.godaddy.com/web-security/website-security for expert advice on small business web security.
Remember, try to have your employees consistently update their passwords and implement multi-step authentication on all their accounts. Make sure they’re not accessing confidential information on shared or unsecured wi-fi connections, and always have conversations about the latest tools and tactics to avoid the ever-present phishing scams.
If you ever have any questions or concerns about hardware destruction, please see our article on hard drive destruction.
#1: Equifax
You couldn’t have traveled far enough away to escape hearing about its monumental mistake. Without a doubt, Equifax’s breach is the most significant data breach in history.
This breach wasn’t so much about the quantity of customers affected, but the quality and importance of the content that was breached.
Where almost all digital IT thefts in the past have involved stolen email addresses, phone numbers, and login credentials, Equifax’s information was much more sensitive.
Plain and simple, this 143-million-person breach went to the core of some of the most important information about Americans: names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers.
More than two months went by before Equifax reported the breach. Once again, even with a highly sophisticated security team and an immense budget, they still were targeted. If your business is ever the unfortunate victim of a security breach, immediately contact a small business security expert like GoDaddy, or visit https://www.godaddy.com/web-security/malware-removal for an efficient and effective strategy on virus removal.
A greater emphasis on privacy helps create a culture that values security and employee privacy. Keeping your business secure will take a combination of security tools and employee education if you are to stay ahead of thieves.
If you have any questions, concerns, or tips, we’d love to hear from you.
Please visit our website at www.sddstl.com or if you’d like to learn more, give me—John Steinhauser—a call at (314)795-0004 or email me at john@sddstl.com
And, stay safe out there!
John Steinhauser, co-owner, Secure Document Destruction of St. Louis (SDD).