It seems like a week can't go by without some major data breach dominating the headlines. This time, data from more than six million users (originally reported as 14 million) was leaked from Verizon's cloud.
With so many incidents like this happening across various industries, you'd think businesses would wake up to threats of data breach and hacking. Yet cybersecurity risks do not receive the time and consideration they deserve.
Don't let your organization become another victim. Reach out to CyberPolicy to ensure cyber resilience in the face of cybersecurity risks.
When It Rains, It Pours Data
According to ZDNet, who broke the story, names, addresses and phone numbers of more than six million Verizon users were leaked to the world wide web. How did this happen? The problem was initially discovered by the cyber risk research team at UpGuard, a "cyber resilience" startup based in Silicon Valley.
An employee of Nice Systems, a Verizon vendor, apparently saved customer information to a cloud storage system and permitted external access to the information; meaning the data was downloadable by anyone with the easy-to-guess web address.
This kind of oversight and human error is more common than you might think. Research shows that employee negligence is the leading cause of data breaches. For this reason, it is absolutely vital that organizations implement regular cybersecurity trainings for all their employees.
While Verizon assured its customers that the breach did not result in "loss or theft of Verizon customer information," there's really no way to be certain. Hackers will sometimes sit on stolen information until they can sell it as a large data dump on the dark web.
Cybersecurity experts advise Verizon customers to play it safe by monitoring banking and credit card accounts for suspicious activity. Additionally, you may want to change your Verizon password immediately. The same goes for any accounts sharing the same sign-in credentials. Finally, keep an extra close eye out for phishing and social engineering scams, as hackers often leverage stolen information to target and convince individuals into sharing even more information about themselves.
Learning the Easy Way
While Verizon works to contain the PR nightmare and assess the damages (if any), there is plenty to learn from Verizon's example.
First, remember that encrypted cloud storage is a safe option when used correctly. If you are storing sensitive information in the cloud, take a moment to hash and salt the data to prevent prying eyes from seeing Social Security numbers, passwords or financial information.
Next, only allow access to 'need to know' employees. This is what is known as "siloing" and will reduce the likelihood of incursion.
You also ought to keep your software and security patches up to date. Hackers keep up-to-date on all the latest cybersecurity news and could use a well-known gap to breach your company's defenses.
Finally, invest in third-party cybersecurity insurance to protect your company from financial ruin. Otherwise, your business could be held liable for client data you leaked (as in the case of Nice Systems) or data you own which was mishandled by a third-party (as in the case with Verizon).
Ask yourself: Would you rather learn from Verizon's example or experience data breach for yourself? Visit CyberPolicy to get your free quote today!