What is considered sensitive data?
Hackers typically are looking for what’s called “Personally Identifiable Information (PII).” This is information that can identify people and it is often sought out for identity theft. Hackers can be looking for PII like credit card data, social security numbers, or even bank records. They are typically looking for this data in conjunction with quasi-identifiers, like date of birth, address, race, and gender.
What constitutes a breach?
A security breach occurs when there is unauthorized access to an organization’s protected and sensitive data. A security breach is different than a data breach. It isn’t until a cybercriminal bypasses security measures and actually steals information that a data breach has occurred.
Who needs to be concerned about cybersecurity?
Businesses that require a high level of personal information to operate are more vulnerable to potential cyberattacks because hackers target them more adamantly. Property management companies inherently have access to confidential and sensitive information so they can be a likely target for cybercriminals. According to the Huffington Post, 43% of cyber-attacks are aimed at small businesses, because 51% of small business owners no cybersecurity measures in place.
What are the potential threats?
Malware – short for “malicious ware,” malware was once the most common threat online. In ISACA’s 2019 State of Cybersecurity survey, malware accounted for 31% of all attacks which was a 7% decline from previous years.
Ransomware – this is a type of malware that stops users from gaining access to their files until they pay a large ransom demand to the attackers. Today when there are cyber ransom attacks, attackers often demand payment be made via credit card or cryptocurrency.
Phishing – Phishing scams have increased in frequency and has replaced malware for most common online threat. Phishing scams are used to disguise cybercriminals as non-threatening presence to solicit sensitive data. Phishing scams tend to be sent via email and they will typically include a mysterious link that lures readers into activating the security breach.
Internal – Studies show that half of employees take data home with them upon leaving a company and 54% of companies cite employee mistakes as a top data threat. While internal threats often come down to human error, it’s still helpful to buckle down and implement controls and policies that help mitigate this risk.
How can data be protected?
Encryption – Only 45% of businesses have their data consistently encrypted across their entire organization. Encryption protects user data by encoding any information collected and stored digitally. It makes messages and files only available to by authorized parties.
Hardware Security Modules (HSM) – 47% of companies use HSMs to add a layer of protection to their data. HSMs protect data by being intrusion-resistant to prevent any potential physical breaches into the hardware. It’s also designed to be “tamper-evident” which means they are constructed to physically reveal any attempted interference.
Virtual Private Networks – commonly known as a VPN, they are used to create online privacy when using public networks. When employees access emails and work from their cellphone a VPN helps to protect their connection from anyone preying from a public network.
Internal Controls, VPNs, Password Policies and Data Redundancies all combat potential user errors and can help employees protect against vulnerabilities that come with using cellphones for accessing work emails.
The key to successful cybersecurity is control. Control comes from putting actual checks and balances in place to manage how information is being handled. In the grander scheme, it means planning and preparing ahead of time and creating an impenetrable infrastructure that is multi-layered and well understood.