2019 wasn’t short on horror stories regarding data breaches that occurred on businesses. In fact, the first six months of the year saw more than 3,800 publicly disclosed breaches, which exposed a whopping 4.1 billion compromised records. And these were high-profile breaches, too: eight breaches in 2019 alone compromised 3.2 billion records. This is how dangerous data breaches can get.
What do cybercriminals do with the stolen data? Understanding their motivation for carrying out data breach attacks can not only enlighten you on what happens after they steal your information, but also make you more aware of how to prevent data breaches.
Let’s take a look at some of the possible scenarios after a hacker acquires your data:
#1. Inventory the data
Once a cybercriminal gets a hold of a company’s files, they will sort through them for sensitive data. This could include personally identifiable information (PII) like names, addresses, social security numbers (SSNs), driver’s license numbers, bank account numbers, passport numbers, and email addresses, among other data.
#2. Sell personal information
Next, the hacker will classify and bundle the stolen data, then sell them in bulk. Your information will most likely end up for sale on the dark web. This is because the dark web allows users to stay anonymous online, making it almost impossible for their activities to be traced.
According to an Experian report, a bundle of just one person’s full information including name, SSN, birthdate, and account credentials already costs $30. Credit card information costs from $5 to $110, while diplomas go for as much as $400. US passports can be sold for around $1,000 to $2,000. Medical records also have a high value, costing as much as $1,000 online.
Hackers can also sell access to the breached database of a company. For instance, when the popular app Dubsmash suffered a data breach in December 2018, over 162 million user accounts, email addresses, and hashed passwords were stolen by hackers. The criminals then sold access to the app’s breached database for $4,995, making it possible for anyone withthat kind of money to gain access to the information of millions of people worldwide.
PII can also be sold to marketing firms or companies that specialize in spam campaigns. If email addresses in your database were stolen in a data breach, they can be sold to these dubious marketing firms who will then bombard them with spam.
#3. Commit identity fraud
Aside from selling stolen data, cybercriminals also use it to commit identity fraud. For instance, they can easily steal the identity of someone in your company and do unscrupulous business under your company's name. If your company is not careful, the hackers can easily request to access sensitive areas of your organization and extract even more data than what was already leaked.
#4. Hold the data for ransom
Let’s say that your breached data involved trade secrets and confidential information that you wouldn’t want the public to see. Cybercriminals can blackmail you into giving them money in exchange for keeping your information private. If you don’t comply with their demands, they can threaten you to send the information to your competitors.
How can your business prevent data breaches?
In 2020, cybercriminals will continue to come up with new ways to steal data from businesses of all sizes. They will try their best to get a hold of as much data as they can for personal, financial, and professional gain. Businesses can keep their data protected by following these best practices:
#1. Build employee awareness
Your employees will always be your cybersecurity’s weakest link. If one of your workers commits just one mistake, it might be enough to cause downtime and catalyze reputational damage due to leaked data.
Train your employees to generate strong passwords, file and store data, and avoid opening potentially malicious files. Limit their internet access to websites that they only need for their work.
One of the best ways to teach your employees about cybersecurity is by conducting simulated phishing exercises. Send out a fake phishing email to everyone in the company, and provide the necessary training to those who fall for the bait.
#2. Keep business and personal email accounts separate
Have separate emails for your business and personal affairs. If a cybercriminal infiltrates your personal email address, they won’t be able to access anything from your business data. Be careful as well of the files you attach in emails, as the information they contain may be used to hack into your business accounts.
#3. Implement strict access privileges
One of the easiest ways for your data to leak is through unnecessary access privileges given to your employees. For instance, if someone in your IT department got a hold of the data from the finance department, they can easily copy the data and leak it online.
Your business should constantly ensure that employees only have access to information necessary for their jobs. By implementing a restrictive access privilege policy, you are limiting the possibility of future data breaches.
#4. Partner with Binatech
Data breaches are one of the top reasons companies go out of business within a year. When you partner with Binatech, we will provide your business with proactive maintenance so you’re protected 24/7/365. So even if cybercriminals try to infiltrate your system anytime of day, your data will always stay secure.
Need business continuity planning (BCP) assistance? Then look no further than Binatech. We will assess your current IT environment and tailor-fit a plan for your business so you’re always prepared for any disaster that may come. Interested? Drop us a line to learn more today.