Last month, reports circulated that the marketing and data aggregation firm Exactis accidentally leaked a private database with records on 340 million people. This exposure revealed information like phone numbers, home addresses, email addresses, age and a range of interests and habits. While this leak did not include social security numbers, it still presents cybercriminals with enough information to impersonate or profile these individuals for malicious acts.
Though headline-breaking cybersecurity breaches have been less rampant in 2018 than last year, in reality the risks are simply less obvious to affected users and businesses. Chiefly, fewer breaches are occurring while data exposures are on the rise.
So how can your business protect your customers from these data exposures? Here’s how your organization can create a plan to store and monitor your valuable information.
What are data exposures?
Data exposures occur when data is stored improperly, leaving it exposed on the open internet, available to anyone who comes across it. Exposures often occur when cloud users misconfigure their database or use a storage mechanism that requires no authentication process and can be accessed by unknown or unexpected users.
Data exposures have affected every industry, from healthcare to software firms and popular chain restaurants. While data breaches like Yahoo and Equifax made headlines, exposures are often downplayed because, unlike breaches, there’s no specific proof of bad actors accessing the data.
In the event of a data exposure, affected organizations typically offer the same, tried and true reassurance that there is “no evidence” that exposed data was accessed inappropriately. Of course, this is virtually impossible to confirm, so the true scope of the damage is often unreported.
What causes data exposures?
In the case of Exactis, the database they were using was unprotected by a firewall — a mistake any rookie business owner would know to avoid. Often vulnerabilities are known but neglected in the cloud, where security remains a major issue for most companies. According to CSI Research, 51% of organizations publicly exposed at least one cloud storage service in the last year.
That’s no surprise, given how quickly businesses from every industry attempted to migrate to the new technology. In 2017, Amazon Web Services, Down Jones, FedEx, Verizon and Tesla all experienced breaches due to unsecured storage servers which were found without any password protection in place.
But lacking passwords aren’t the only factor creating data exposures. Cloud leaks pop up when software bugs inadvertently store data in a different location. For instance, Twitter announced in May that it has been inadvertently storing user passwords. Usually companies store passwords by scrambling them with a process known as hashing, but a bug caused some type of internal log to process user passwords before the hashing was complete.
How to guard your cloud
First and foremost, protect all of your servers, databases and networks with passwords and install two-factor authentication. Choose a random password or use a password generator and never repeat the same password for two profiles. This is something anyone can do no matter how intimidated by tech you may feel.
Secondly, encrypt your data. Encryption works by protecting your files with a unique password. Tools like B1 Free Archiver will compress and protect files for you and ensure files can only even be accessed by using the tool. More secure cloud programs will offer their own encryption to ensure both cloud-stored and local files can be encrypted and decrypted for security.
In our current climate where data collection organizations like Exactis are collecting information from average people to degrees which they may never understand, aggregating history from credit card purchases to magazine subscriptions, the risks for your clients from exposure grows higher every day. Unless you take a firm stance on security and take the necessary steps to protect your business and your customers, no technological upgrade or business solution is going to keep your data safe.
If you’re considering migrating to the cloud, make sure you work with a qualified service provider, perhaps someone who was named Talkin’ Cloud’s 100 Cloud Service Providers worldwide.
Written by Nik Vargas