A recent data breach at German IT service provider Citycomp has resulted in a flood of data being published online — including financial and private information on all of Citycomp’s clients. You need to know how to fortify your defenses against data breaches.
The data breach included a client list that covered major companies such as Oracle, Airbus, and Porsche. More than that — seventy thousand services and storage systems are now publicly available.
Cybercriminals Believe Breaching an IT Service Provider like Citycomp is the Ultimate Win
By cracking the defenses of a single business, criminals get the keys to dozens — or even hundreds — of the service provider’s clients’ business networks. However, amateur hackers are far more likely to pursue an easier target like your small business.
The Cost -to the Criminal- Conducting Cybercrime has Continued to Drop
The rise of malware as a service is allowing amateur hackers to join the ranks of more seasoned cybercriminals. Not surprisingly, research shows that small businesses now make up the majority of commercial cyberattack victims.
While nearly 70% of small businesses report that they experience cyberattacks, and just 28% say their defense measures are “highly effective.”
Taking these three steps will fortify your own defenses against data breaches:
1. Change Passwords Regularly
If you’ve been using the same username and passwords for years, it’s almost guaranteed that those credentials are out there somewhere. These passwords are available on the dark web for only pennies — or, you know — for free.
Changing passwords regularly may be a hassle, but it’s an important security practice. It helps prevent hackers from purchasing old login information on the dark web and using it to break into your organization’s network.
Putting systems in place that require employees to change their passwords every few months is an inexpensive — usually free — security improvement.
But if you want to avoid a mutiny and up your chances of compliance, explain it to your team beforehand. When employees know what’s at stake, they are likelier to buy into what might otherwise may feel like an annoyance.
I worked for one company years ago that make us change passwords every three weeks to a 25 bit new password and no part of the password could be repeated in a six-month period.
The system was still hacked and we had to contact millions of clients to reset their passwords (hundreds of us working around the clock to get this done). This company didn’t allow a password manager. If your employees don’t like it — too bad — it’s your company — and it’s your duty to protect it.
Consider investing in a password manager to make things as easy as possible, if you are concerned about employee pushback.
According to one study, employees have to juggle one hundred ninety-one passwords on average. Password managers are generally inexpensive, and the convenience they offer makes them a worthwhile investment for companies of all sizes.
2. Implement Two-Factor …read more
Read more here:: SmallBusinessTrends