illegal and harmful activities. As part of our ongoing efforts to educate the general community and encourage consumer privacy, cyberawareness, and safe browsing, we do occasionally report on larger security breaches strictly to raise awareness and emphasize the importance of cybersecurity training.
Allegations of three major hacks discovered so far for today.
- A nationwide manufacturer of cell phones and personal technology products.
- A large northeastern nonprofit association.
- A large drilling company.
We have reached out to technology and/or operations leaders at all three companies to offer any assistance they require.
Across all three, more than 10,000 employees' full private data allegedly stolen. If customer accounts and data were compromised, total PII breaches easily in the 100,000+ range.
We cannot emphasize enough how rapidly the breach frequency is continuing to increase.
Based on averages, if the breach allegations are true, these companies will now have to shut down operations for several days and incur costs far exceeding the preventative, proactive costs of adequately protecting themselves prior to the attacks.
No Phish Left Behind will continue to report on these breaches as more information is corroborated.
Cybersecurity is conceptually a lot like physical security: We can install all the locks and gates in the world, but if the security guard falls asleep with the door unlocked, anyone can get in. Similarly, if headquarters is fully protected, but staff are allowed to access sensitive data, applications, and passwords from less secure personal devices, the system cracks.
The defensive systems need to be coupled with a culture of security and awareness in order to really be effective.
Here are some steps business owners and leaders can take within your own organizations to significantly reduce the likelihood of a breach:
- Ensure sensitive data and systems are adequately firewalled and only accessible by authorized personnel, systems, and vendors.
- Ensure the use of multi-factor authentication for all critical systems.
- Employ the Principle of Least Privilege.
- Require complex passwords with regular expiration dates - vendor passwords and accesses included.
- Ensure remote staff are properly trained on systems access and cybersecurity best practices.
- Provide your people with continuing cybersecurity education, especially as technology continues to rapidly evolve.
- Create and maintain a culture of security.
- Ensure all systems are fully patched and protected with a managed antivirus solution.
As always, please contact Scalable Business Technologies at any time for assistance.