When the consumer credit reporting agency Equifax suffered a data mega-breach, the information of 143 million Americans was compromised. Before that, eBay, Yahoo, and Target had all suffered breaches as well. And then there's the 2016 hacking of the US election by Russia, which played a decisive role in putting Trump in the White House.
Preventing the next data mega-breach, then, is of utmost importance. Unfortunately, there's a good chance that organizations still aren't taking the necessary steps. Here are just 10 recommendations from information security experts.
Take Data Seriously
The first step to fixing a problem is admitting you have a problem, and you can't do that if the people making crucial decisions just don't understand what's going on. Senator Lindsey Graham, for example, currently sits on the Committee on the Judiciary's subcommittee on Privacy, Technology and the Law. Graham has also never sent an email.
It's 2018. Movies from the 80s set in the future take place before the year that it currently is, and Senator Graham has never sent an email. The situation is as unacceptable as a room full of men deciding the state of women's reproductive health, but, hey, that's government!
For too many companies, the bottom line takes priority over the general well-being of the population at large. And since data breaches are the oil spills of information security, greater regulation and even lawsuits may force companies to actually make a big deal out of what is a big deal.
If companies aren't training employees at every level, modernizing infrastructure, and investing in research to better protect our data, then our data will continue to be at risk. The proletariat can only take so much before we seize the means of production!
John Podesta was chairman of Hillary Clinton's 2016 White House run. Hackers tricked him into giving up his email password with a phony Gmail alert. Any email that asks you to change your password is as suspicious as an email from a Nigerian prince asking you for social security numbers.
We'd hope that John Podesta would know better; he apparently did not. It's a good idea, then, for everyone at a company to get some cybersecurity training because getting someone to willingly hand over their password is a go-to hacker trick—it ranks up there with checking to see if someone's password is just "password"!
It may be a hassle to type in a passcode, scan your retina, and then pick all the ducks out of an animal lineup, but it's an even bigger hassle to recover your identity after it's been stolen. And if that's what it takes to prevent a data mega-breach, then it's worth it.
Hire Cybersecurity Experts
The IT person at your office knows how to update software, physically set up your computer, and fix a paper jam. They may not, however, be qualified to deal with a coordinated effort by a foreign power to undermine the integrity of your digital infrastructure.
This was exactly the case when the FBI called the DNC to inform them about suspicious network activity; the help desk contractor lacked the expertise to treat the situation with the gravity it deserved. As a result, hackers were able to spend months luxuriating in undetected access. Lesson learned: hire cybersecurity experts or risk altering the course of human history!
Of course, solely blaming the DNC's help desk contractor would be reducing a complicated process to a caricature. The FBI special agent charged with informing the DNC may have made a series of phone calls, but when the stakes are as high as a presidential election, maybe physically leave your office to share the big news. That's how you keep a data breach from becoming a data mega-breach.
Programmers know that you can never create a system that's 100% secure, so they prepare for the inevitable. Data can be encrypted so that if it's stolen it's worthless; data can be segmented so that entry into a system doesn't guarantee total access; and measures can be taken so that if someone does get around your defenses it becomes challenging to create new accounts. Additionally, companies should maintain vigilance by monitoring the evolving nature of cybersecurity and cybercrime.
There's an ongoing debate between information security experts about the pros and cons of cloud computing. Chief among the concerns is what happens if the cloud goes down or becomes compromised.
Cryptocurrency traders, for example, know that there's a danger of their investment being stolen and, as a result, will oftentimes keep the bulk of their fortunes physically offline. This practice, known as "cold storage," may take the form of a USB drive, a physical coin, or just a laminated piece of paper with a QR code. We can do that with more forms of data.
Blockchain technology entails the same set of data being shared simultaneously across multiple nodes. The result is that compromising a single machine doesn't compromise the whole data set. Additionally, since there are so many people keeping their peepers peeped on the blockchain, it increases the likelihood of someone catching unauthorized changes.
Get Off the Cloud
Technology has no doubt improved our lives. Even those who refuse to adapt beyond a flip-phone concede that it's better to get a call about canceled plans than to spend an entire evening in a coffee shop wondering why your friends haven't shown up.
That being said, one way to not be one of the next 143 million people affected by a data mega-breach is to just leave less information online. Stop saving your credit card info on Amazon, quit using autofill forms, and maybe use fewer services altogether.
You could, for example, try making your own meal instead of relying on Seamless! After all, there's a good argument to be made that the gig economy is an overall net negative for society due to the devaluation of labor. Plus, if the next data mega-breach is big enough, those skills from the "before times" might come in handy.