2016 was a rough year for data security. With a billion compromised Yahoo member accounts and Russian hackers tampering with the US election, the past year saw cunning hacks becoming an even larger threat for businesses great and small.
And while it’s impossible to know what lies ahead, there are emerging data security trends that are forecast to grow in prevalence during 2017…
…so how will you protect your business against a data security breach?
It’s time to enhance your cyber security protection policy, preparing for potential violations that include these top 5 data security threats for 2017.
Improper Hard Drive Destruction
It is so, so easy for data stored on hard drives to fall into the wrong hands, and there can be expensive repercussions…
For example, in 2013, the British Information Commissioner’s Office served a £180,000 ($230,000 USD) penalty to the Ministry of Justice after an unencrypted hard drive was lost and leaked confidential information of 2,935 prisoners to the public.
How can your company prevent easy picking such as this from leaking data and exposing you and your company to these hefty fines?
If you think you can simply use data destruction software in-house as a viable solution, think again. When decommissioning your computers, laptops, and network equipment, you MUST correctly undertake hard drive destruction and ensure proper data destruction immediately.
This is the most effective (and permanent) way to dispose of secure data on your hard drives beyond recovery.
2. Weak Passwords
As cyber attackers become increasingly privy of common password combinations, and with the onset of quantum computing, having strong passwords for all accounts is a key data security focus for 2017.
A strong, secure password should follow these best practices:
- At least 8 characters long.
- Should not contain any personal information—specifically your real name, user name, or even your company name.
- Be unique.
- Does not contain any word spelled completely, or correctly.
- Should contain a combination of multiple uppercase letters, lowercase letters, numbers, and characters.
Tip: encourage employees to use phrases they can remember like:
“I enjoy playing basketball”.
Which can be written as:
3. Unprotected Cloud Storage
you need to ask yourself:
Is your cloud data securely stored and encrypted?
While cloud solutions provide your business with the capability to store data in third-party data centers, you need to ensure that your service actually encrypts your data.
Look for the inclusion of a leading encryption security policy as part of their package. Advanced encryption algorithms such as Ciphertext-policy ABE (CP-ABE) and Key-policy ABE (KP-ABE) are examples of ones to look out for.
Then, choose a cloud storage service provider that is willing to push back against unreasonable government requests for data (see threat #5 for more).
4. Ignoring Failed Access Attempts
As hackers become more crafty in 2017, you need to ensure your data security policy is prepared for the warning signs of failed login attempts to your IT firewall.
Don’t think this can happen to you?
Target’s point-of-sale (POS) system was hacked back in 2014 – a breach which actually began 6 months prior. IT personnel noticed multiple failed login attempts which they chose to ignore. Unfortunately for Target, the attackers were able to siphon over 40 million card numbers and personal information of 70 million customers.
To protect your business against failed access attempts in 2017, upgrade your data security policy to flag these common signs of brute force data hacking:
- Many failed logins from the same IP address.
- Logins with multiple usernames from the same IP address.
- Logins for a single account coming from many different IP addresses.
- Failed login attempts from alphabetically sequential usernames or passwords.
- Logins with a referring URL of someone’s email or IRC client.
5. Forced Violation of Data Encryption Protection
With high-profile cases of encrypted data violation as with the FBI earlier last year, it makes the level of data protection that encryption brings, questionable.
In an investigation into the background of dead San Bernardino terrorist Rizwan Farook, the FBI demanded that Apple write new software to help crack his mobile phone – the iPhone 5c. What impact could this have for your business?
Should the government demand encryption-makers to develop cracks for its encryption protection, expect such vulnerabilities to be exploited by professional hackers. Services such as cloud storage (think employee details, email addresses, sensitive account data) and a host of other personally identifiable information (PII) sources on mobile device apps would be especially hot targets.
While it’s too early to tell where this hot topic will lead encrypted data security, it’s important for your business to push back against these government requests. You can use the private advocacy group EFF’s website “Who Has Your Back” for this.
This post is part of our contributor series. It is written and published independently of TNW.