
Tech Talk Live Blog

Check Your Pockets for a Data Breach

Nancy Morris


An article published in Infosecurity Magazine in 2016 reported that as many as 22,000 USBs are left at dry cleaners every year. Even worse, some 973 mobile phones are also absentmindedly left behind in pockets and handed in, the study found. For the past several years, security has been the #1 topic of interest to our audience at our technology conference, for good reason. There is plenty of research to back up the theory that human error is easily the largest cause of data breaches. So are we shocked to hear that this many USBs and mobile phones are left at dry cleaners? The same article reported that devices were returned to their rightful owners only 45% of the time.

Kevin Mitnick, a notorious hacker of the 1980s and 1990s, once said during an interview, “The lethal combination is when you exploit both people and technology. What I found personally to be true was that it’s easier to manipulate people rather than technology. Most of the time, organizations overlook that human element.”

So we all know that “to err is human,” and that certainly is not going to change. Ten years ago, paper records that were improperly discarded had much less impact on data security than digital data does today. A lost cellphone a decade ago meant someone might make calls and use up the minutes on the account. Today, a misplaced smartphone could lead to a serious data breach. Massive digitization of information, mobile use, and system integration can potentially expose millions of people’s data to hackers and the harm they cause.

Napier University Professor William Buchanan lists the top three threats in computer security as “people, people and people.” He mentions leaving devices unattended, sharing passwords, or accidentally emailing information to the wrong people as typical security errors. He indicates that many of the breaches from cyber attacks are also traceable back to users unwittingly giving bad actors access to networks. Ten years ago, phone scams were how bad actors got information and money from people; today they are much more sophisticated . . . and effective.

The easiest way to conduct a successful cyber-theft seems to be tricking people. This can be done via phishing schemes, spoofed websites asking for credentials, malicious apps with embedded malware, etc. Sharing personal information, for whatever reason, gives hackers the foothold they need to exploit system vulnerabilities once they are “in.”

In October of 2015, Palo Alto Networks reported that more than 40% of all email attachments were found to be malicious. They also found the average time to weaponize a world event to be 6 hours. The implication is that immediately following an earthquake or other world event, your well-intentioned staff members might attempt to donate to a relief fund. By using their credentials to do this, they are potentially providing information that can lead to a data breach.

Symantec recommends the following best practices to prevent a data breach and reduce costs in the event of one:

  1. Educate employees and train them on how to handle confidential information.
  2. Use data loss prevention technology to find sensitive data and protect it from leaving your organization.
  3. Deploy encryption and strong authentication solutions.
  4. Prepare an incident response plan including proper steps for notification of affected users.

Even with a great training program in place to educate your employees about attacks and teach best practices, mistakes will still be made. The best you can do is to continue to educate and provide information about current attacks and how to handle them. Additionally, monitoring for security incidents and having plans (and the teams to implement them) in place for when a security breach occurs are critically important.
