What really happens to your personal information if it gets swept up in one of those big data breaches that have hit companies like Target, Anthem Health and Sony?
Bitglass, a data security company, devised a test to measure what could happen to an individual’s personal data after a breach.
Bitglass developed a list of 1,500 fake employee credentials (which included names, addresses and Social Security numbers) and posted it to an online, black market marketplace called the Dark Web. The names, contained in an Excel spreadsheet, were posted on DropBox and on seven file-sharing websites associated with the Dark Web.
The posted document included special tracking technology that allowed the developers to identify when and where the file was accessed, anywhere in the world.
Within a few days, people on three continents downloaded the bogus credentials more than 200 times. In less than two weeks, the report says, 1,080 people in 22 different countries on five continents had viewed the list.
“By the end of the experiment the fake document of employee data had made its way to North America, South America, Asia, Europe and Africa. Countries frequently associated with cyber criminal activity, including Russia, China and Brazil, were the most common access points for the identity data,” the Bitglass report said.
“Additionally, time, location, and IP address analysis uncovered a high rate of activity amongst two groups of similar viewers, indicating the possibility of two cyber crime syndicates, one operating within Nigeria and the other in Russia.”
Security Protects Big and Small Business
The biggest misconception about the need for better security is that only the big guys get hit. It’s not true.
Most don’t realize the Target breach actually occurred when an employee of another company—a small heating, ventilation and air conditioning (HVAC) company—opened a malware-laced email, allowing the system to be hacked. The HVAC company was working with one Target store during a maintenance period, and had remote access to Target’s corporate system. This chink in the system allowed the hackers to worm their way inside where they stole more than 40 million debit and credit card numbers.
DriveSavers recommends that, regardless of size, any business should at minimum:
- Have a secure website
- Use encryption
- Update and patch regularly
- Use effective passwords
- Implement a company-wide social media policy
- Have a defense-in-depth strategy
- Secure all devices
- Back up
Check the following two links for more details on how to protect your company data and how to identify security risks for small companies.
Ways to Protect Your Company’s Tax Data
Top Security Risks Small Businesses Don’t Know They Face