Data breaches and cyber attacks are now the new normal.
What can you, as a business owner, learn from some of the biggest companies that have had data breaches?
In this article, we will be outlining some of the most significant attacks from 2019.
These attacks can give you some guidance on the types of security measures you should be thinking about for your company’s IT systems and data.
In April 2019, a third party working on behalf of Facebook left two Amazon servers un-secure. Those servers stored 540 million Facebook user ID’s, account names and interaction data.
The lesson learnt here is that if you have third parties working with company data, you should be asking them how they secure their systems and your data.
Good examples of this are if you outsource your payroll, HR or finance to a third party.
Ask them for a clear overview of the security measures they have in place.
For a complete list of questions you should ask your third-party suppliers please contact us.
People living with HIV
In January 2019, the Singapore Ministry of Health confirmed they had a breach of 14,200 patient records.
While the number is nowhere near the size of other data breaches in 2019, what makes this a serious breach is the nature of the data.
An unknown hacker stole sensitive data that revealed people diagnosed with HIV.
The lesson for us here is that if your company is holding sensitive data, you must take the necessary steps to secure it and have those steps documented.
April of 2019 also saw another data breach by the car manufacturer Toyota. Toyota has not had much luck with their current IT systems as there have been multiple data breaches in Japan, Vietnam, Thailand and Australia.
Three million customers and employees were affected by this breach.
The lesson here is to be aware of the types of data you have and where it might be stored.
For example, you may have a central file server for operational data, but your employee data might be stored on a completely different system. This “separation of concerns” is very important.
It’s good practice to document the categories of data you store in your company, where this data is stored and the security measures you have in place.