IT Security Lessons from the World’s Biggest Data Breaches

March 27, 2015

Historically, the data breaches that make news headlines are the ones that occur at enterprise organizations. eBay, Home Depot, Target and the PlayStation Network are a few that come to mind. But as these enterprise organizations adopt even stronger security protocols, hackers are turning to small businesses, which they see as easy targets. Often with fewer IT security measures and lots of valuable data to be had, small businesses across the country are at risk of data breaches. Don’t believe me? According to a survey by the National Small Business Association, 44% of small businesses have been hacked, with associated costs averaging $8,700. According to a study by the Ponemon Institute, that number is even bigger, with 55% of respondents reporting a data breach. With risks and vulnerabilities only increasing as hackers continue to target small businesses, it’s important to explore takeaways from some of the world’s biggest data breaches and apply them to your organization’s IT security.

Understand the cause:

Of the top 4 data breaches in the world, 3 were executed by hackers. This is important to understand, because it will help you as a small business determine how to set up your technology, infrastructure and network in such a way as to avoid being susceptible to hackers. What can you do to protect your business’s data? Proactive measures are your best bet:

  • Install a secure firewall. A firewall is essentially a business-class router with the ability to customize security services. This is important because it will block unauthorized access and prevent the spread of viruses.
  • Enterprise-class antivirus. NEVER use free antivirus. As we described in this blog, you want antivirus software that can be centrally managed and monitored, with updates on a regular basis (as often as every 15 minutes).
  • Complete Windows patching. You need to make sure that you’ve closed any available external access by patching any security holes. Microsoft regularly releases security updates for Windows to patch these vulnerabilities, and you need to make sure that you or your IT provider are completing the updates as often as new patches are released.

Screen, limit access, and train your employees.

The world’s largest data breach was actually an inside job, which compromised 200,000,000 data records. What can you do to ensure that your employees don’t take advantage of a security gap?

  • Carefully screen your employees. Conduct background checks and ask for references for every employee you hire. If you work in an industry or business where you deal with highly sensitive data, engage a headhunter or HR firm that can conduct extensive interviews, ask the right questions, or conduct personality tests to determine if an employee can be trusted.
  • Limit access to necessary files. Don’t provide access to folders and files that your employees don’t need, or those that include sensitive data. This will eliminate any temptation to attempt to use or steal the data.
  • Create security policies. Mobile device passcodes, more secure password structures and user security policies allow you to ensure that every employee is on the same page with regard to company security.

While you may not have access to millions of credit card numbers or an extensive database, security should be a top concern for your organization. Breaches cost small companies thousands and sometimes millions when they occur. Limit the opportunity for your data to be compromised with these tips.
