On August 24th, CNN reported a story about a data leak, which publicly released the personal information of millions of people, as well as data from major government organizations and large businesses. "The data leak, which affected American Airlines, Maryland's health department and New York's Metropolitan Transportation Authority, among others, led to the exposure of at least 38 million records, including employee information as well as data related to Covid-19 vaccinations, contact tracing and testing appointments, according to UpGuard, the cybersecurity firm that uncovered the issue."
This instance is but one of several data leaks and attacks that have made headlines in recent years. For instance, in 2013 a hacking group had pilfered over billion users' information from Yahoo accounts. More recently, breaches at Alibaba, a large Chinese online merchant platform, and Linkedin, which occurred as recently as June of this year, have exposed even more personal data to malignant actors. What's notable about the leak reported this week, however, is that it arose not from the cunning of professional hackers but instead from a wrongly configured security setting in common Microsoft software. By the time the issue was resolved, millions of people's personal data, including health records relating to COVID-19 vaccinations, had already been compromised.
Protecting Your Data
It's unfortunate, but--as we've reported before--cyber crime of all sorts isn't going away any time soon. Moreover, security breaches can arise, as they did in the above example, out of simple negligence or confusion. As a result, preventing data leaks and breaches isn't simply a matter of having the right software. A firm needs sound infrastructure, monitoring mechanisms, thorough oversight, and proven security protocols to both prevent leaks and deal with them if they occur.
UpGuard, the private security firm who first identified this month's leak, has a handy list of best practices to prevent data leaks and breaches. These include having a plan for evaluating the risk of working with third-parties through the use of risk questionnaires, monitoring access to your networks, educating staff on common cyber scams, and encryption. It's also important to have predictable and easily accessible plans of action in place in the event a breach or leak does occur in order to minimize the damage. In the leak reported by CNN, months passed before anyone even noticed the problem.
With the internet becoming an inescapable part of professional life, good cyber security practices are things that every firm must consider. Unfortunately, small firms and startups who are strapped for cash are often left to their own devices, so to speak. While it is possible for a tech savvy employee or team of employees to create cyber security infrastructures and protocols, the process is often quite labor intensive and stressful, not to mention time consuming. In the worst cases, handling technology at a small firm may fall to the employee who just happens to have the most tech knowledge, even if it's not part of their job description. One can imagine how such a responsibility could eat into an employee's other duties, affecting not only their personal productivity but the firm's bottom line and mission.
As such, it's important that every firm seriously consider investing in either an in-house IT team or a managed IT provider like Titan Tech. Having a dedicated team of professionals who will devote the entirety of their time to monitoring and preventing security problems will go a long way in allowing the rest of your team to focus their mission. To learn more about the benefits of managed IT, use Titan Tech's contact form to reach out.
And join us next week for more tech news.