Compromised data security cases have been prevalent in the media, with major organisations such as Optus and Medibank making news headlines after experiencing crippling data security breaches. Data security attacks are nothing new, and as personal and corporate data continues to grow, so does the number of cyberattacks. In fact, according to a recent Surfshark report (published on 19th October 2022), global data breaches increased by 70 percent in the third quarter of 2022, compared to the second quarter. "In the last three months alone, a total of 108.9M accounts were breached globally, meaning that 14 accounts were leaked every second, as opposed to 8 per second in Q2."
Is your business prepared for a cyber-attack incident?
As data breaches are becoming more frequent, how well protected is your company data from the potentially devastating consequences of a data breach? Personal and work data exist across multiple platforms and devices which presents an advantage to hackers, giving them more points of access to sensitive information. Having strong systems around managing your business and employee data stored on company devices is crucial to mitigating the risk of a data leak.
During the decommissioning of company devices, such as laptops and mobile phones, personal data is at risk. Data destruction processes such as a factory reset and drive reformatting may appear to wipe a device clean, but there is no guarantee that data sanitisation has taken place. A study conducted by our data sanitisation partner Blancco found that “40 percent of second-hand hard drives contained data leftover from the previous user” with 15 percent of these drives still retaining highly sensitive information that could be catastrophic in the hands of identity thieves and hackers.
Many companies do not safely erase all business and personal data from discontinued or faulty devices. These devices are often offered to staff for free or through a buyback program, posing a significant threat of data ending up in the hands of a third party. We recommend engaging a certified data security firm to run a full data sanitisation process on site for all rotated and decommissioned devices to safeguard against residual data falling into the wrong hands. PhoneCycle offers free data erasure on all trade-in mobile phones. Our data sanitisation service is certified by ADISA, a certification body verifying regulatory compliance and best practice for data sanitisation and data protection. Our service will remove your data and establish an audit trail. We provide a certificate verifying that an overwrite has successfully removed data from each device we process on your behalf.
For end-of-life laptops, PhoneCycle is a licensed Blancco provider. Blancco is robust data sanitisation software that permanently erases sensitive data from any drive, from HDDs to SSDs and NVMe drives, including self-encrypting drives. A Certificate of Data Erasure is also provided for auditing records.
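The gap described above between a reformat and a verified overwrite can be shown on a small constructed disk image. This is an added example, not PhoneCycle's or Blancco's code; the image layout, the marker string and the audit record fields are assumptions made for illustration.

```python
import hashlib, os, tempfile

BLOCK = 4096
MARKER = b"PAYROLL-RECORD id=0001"  # constructed stand-in for sensitive data

def make_image(path, blocks=64):
    """Constructed device image: one header block, then blocks holding MARKER."""
    with open(path, "wb") as f:
        f.write(b"FSHDR".ljust(BLOCK, b"\x00"))
        for i in range(1, blocks):
            f.write((MARKER + b" #%d" % i).ljust(BLOCK, b"\xaa"))

def quick_format(path):
    """Simulated reformat: only the filesystem header block is rewritten."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * BLOCK)

def residual_blocks(path, needle=MARKER):
    """Count blocks in which the old data is still readable."""
    with open(path, "rb") as f:
        return sum(needle in c for c in iter(lambda: f.read(BLOCK), b""))

def overwrite_and_verify(path, pattern=b"\x00"):
    """Overwrite every block (one-byte pattern), sync, read back, return an audit record."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(size // BLOCK):
            f.write(pattern * BLOCK)
        f.flush()
        os.fsync(f.fileno())
    digest, verified = hashlib.sha256(), True
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            digest.update(chunk)
            verified = verified and chunk == pattern * len(chunk)
    return {"bytes": size, "pattern": pattern.hex(), "verified": verified,
            "sha256_after": digest.hexdigest()}

def demo():
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "device.img")
        make_image(img)
        before = residual_blocks(img)
        quick_format(img)
        after_format = residual_blocks(img)
        record = overwrite_and_verify(img)
        return before, after_format, residual_blocks(img), record

if __name__ == "__main__":
    print(demo())
```

A file-level overwrite like this does not reach remapped or over-provisioned flash on an SSD, which is why real drives need device-level sanitisation followed by a read-back verification step.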
What other implementations can be put in place to bolster data security?
Establish a cyber security incident response plan (CSIRP) before an attack has taken place, to ensure an organisation’s resilience to cyber threats. A CSIRP is a formal document consisting of staff training around data safety awareness and company policies and procedures designed to address potential cyber threats and the steps involved to address a data breach if one occurs.
According to security awareness advocate Jacqueline Jayne from KnowBe4, “human error overwhelmingly remained the leading cause of breaches, making up between 82 per cent and 95 per cent of cases.” A security breach is only a matter of one wrong click, so training staff to identify common malicious software, known as malware, can potentially prevent a cyber-attack from occurring. There are various forms of malware such as spyware, ransomware and phishing.
Types of malware
Creating awareness of these scams is the first step to mitigating the risk of a data breach.
Spyware is a common form of malware. This program is designed to run in stealth mode on a system, harvesting sensitive information such as logins, passwords, addresses and financial information and transmitting this information back to the hacker, giving the hacker access to private accounts.
Ransomware, as the name implies, is a method of extortion where hackers demand a ransom fee for stolen data. Systems are encrypted or blocked, and failure to pay the ransom via cryptocurrency (to ensure anonymity) will consequently result in files remaining inaccessible. There is also the risk that stolen information will be published to the dark web, making it widely accessible to nefarious cybercriminals. What’s particularly distressing is there are no guarantees the hacker will release your data back to you once payment has been sent.
Phishing is a process that attempts to solicit information through fraudulent emails, URLs and text messages. Messages usually impersonate a legitimate organisation such as a financial institution or telecommunications provider. This type of scam aims to trick victims into divulging sensitive information.
Install malware protection software
Fortunately, malware protection software like Trend Micro and Norton can identify and protect your server against malware. Keep subscriptions current to ensure you’re getting the highest level of protection.
Add an extra layer of safety to online accounts with Two-Factor Authentication and regular password updates
Use two-factor authentication (2FA) on all online accounts. 2FA, also known as two-step verification, is a security feature used in online banking and government platforms such as MyGov to add an extra layer of protection to user accounts. The security process requires the user to log into their account with their username and password as the first verification step. A security token is then generated as a temporary code which is usually sent to the account holder as a text message. Correctly verifying the token code completes the second part of the identification process.
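The second verification step described above only adds protection if the server limits how the temporary code can be used. The following is an added example, not code from any platform named here; the class name, the five-minute lifetime and the five-attempt limit are assumed policy values.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 5    # wrong guesses allowed before the code is dead (assumed policy)

class SecondFactor:
    """Server side of the text-message code step; issue() runs after the password check."""

    def __init__(self, clock=time.time):
        self._pending = {}  # username -> [code_hash, expires_at, attempts_left]
        self._clock = clock

    @staticmethod
    def _hash(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, username):
        """Create a 6-digit code from a CSPRNG and return it for delivery by SMS."""
        code = f"{secrets.randbelow(10**6):06d}"
        # Only a hash is stored; a new code replaces any earlier one for this user.
        self._pending[username] = [self._hash(code),
                                   self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, username, submitted):
        """Accept a code once, within its lifetime, and within the attempt limit."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]
            return False
        if hmac.compare_digest(code_hash, self._hash(submitted)):  # constant-time compare
            del self._pending[username]  # single use
            return True
        entry[2] -= 1  # count the wrong guess
        return False
```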
Update passwords frequently. A vast proportion of data breaches are caused by reused passwords which are not updated frequently. It is essential that each of your online accounts has a unique password that is changed regularly. It can be difficult to keep track of constantly changing passwords, which is why password managers like Dashlane and LastPass can be very handy tools. A password manager application creates and autofills passwords for the subscriber’s online accounts, taking the hassle out of creating and remembering each one.
If you’d like to know more about PhoneCycle’s Data Security solutions for your mobile and laptop devices, visit us at https://www.phonecycle.com.au/data-security