If you thought that 2014 was a bad year for data breaches, then brace yourself. 2015 was equally horrific and 2016 was expected to be even worse. Organizations like CareFirst BlueCross BlueShield, Kaspersky Lab, Hacking Team, LastPass, Anthem, Harvard University and the Army National Guard have all been compromised within the last year. Of course, one of the more newsworthy hacks was Ashley Madison, which compromised more than 32 million accounts — and probably ended a fair number of marriages.
If there is one thing that I have learned over the last couple of years, it is that there are persistent security threats in essentially every industry. Over the past week, our website has undergone three different DDoS attacks that were intended to assist with a hack of our site.
What is being done to prevent these attacks from happening again so that your company’s financial future is safe and sound? Here is what we have done to protect ourselves from the constant security threats:
Ways to Protect Yourself From Cyberattacks
According to Javelin Strategy & Research’s 2015 Identity Fraud Report, 2-out-of-3 people who have been affected by data breaches become identity theft victims. There should be concerns that this could get worse thanks to the Internet of Things becoming more widespread, hackers getting more sophisticated and the fact that vital information — such as addresses and financial information — can easily be found in corporate data.
There are, however, some basic measures you can take to protect yourself from possible security threats. Here are some of the common things we are doing to protect both ourselves and our customers:
Monitor credit card statements weekly. If you wait until the end of the month to review your credit card statements and bank statements, you will not be able to catch suspicious behavior as quickly. If anything looks out of place, investigate it immediately.
Sign up for real-time alerts. If you have not done so already, take advantage of the notification services that your bank or credit card company offers. If any unusual activity appears, you will be notified instantly. Additionally, pretty much every company that you do business with (like Oracle) also offers security alerts.
Do not share private or company information. This should be common sense, but many of us are still guilty of sharing too much information with others. Keep private information to yourself. And never open up any emails that seem fishy.
Routinely change passwords. Again, this should be obvious. There are plenty of people who still use weak passwords that can be easily hacked. To prevent this, come up with strong passwords that are creative and change them every couple of months.
Subscribe to identity protection. Services like Experian will monitor everything from your social security number to your credit cards and other vital data.
Furthermore, business owners should only store essential customer information and remove data from customers who are no longer relevant, have a firewall in place, use the latest cyber-protection software and/or implement two-factor authentication. Train your employees so that they do not unknowingly share data with a hacker.
In many cases, common sense and proper training are enough to thwart a cyberattack — or at least, prevent it from being detrimental to your business.
What is Being Done
Training, education and being prepared are just a handful of ways to prevent security threats. The problem is that even being well-prepared isn’t going to completely stop a hacker from getting into your database. That is why we all need to learn from the problems that companies like Target and Sony have experienced in the past so that we can create a plan and know how to respond.
That is only going to take us so far. The private sector and government need to work together in the fight against security threats.
In New York state, for example, State Senator Michael F. Nozzolio proposed legislation that “would establish tougher penalties for cyber-related crimes, create cyber security programs to identify potential risks and threats and require the state to perform a comprehensive review of all its cyber security measures every 5 years.” Nozzolio also wants to establish “the New York State Cyber Security Initiative to ensure that our State has a proper cyber security defense system in place.”
On the federal level, President Obama has been pushing for legislation since 2011 that would “make it easier for the private sector to share cyber threat information with the government.” Greg Martin, the founder and CTO of ThreatStream, argues on Business Insider that “using clues from one attack to prevent it from spreading to other businesses is crucial to stopping the rampage.”
This proposed bill, known as the Cybersecurity Information Sharing Act (CISA), is now law. Unfortunately, many tech companies, civil rights groups and security experts are not in favor of the new law because of privacy concerns. The new law is apparently just the beginning.
That is not to say that the private sector should completely rely on the government to solve all of its security concerns. Companies must still do their due diligence and be prepared. Having the government also creating an infrastructure to prevent attacks in the first place is an added bonus.
The Young Entrepreneur Council (YEC) is an invite-only organization comprised of the world’s most promising young entrepreneurs. In partnership with Citi, YEC recently launched BusinessCollective, a free virtual mentorship program that helps millions of entrepreneurs start and grow businesses.