What Is A Data Breach And How Long Does It Take to Locate One?
If someone breaks into your house and steals your valuables, you know about it pretty quickly. If your card is cloned and used for unauthorized payments, you’re aware of it the moment you check your account, even if the original remains in your purse. But there’s one type of theft that can take weeks or even months to discover: data theft. Worse, until you detect it, fraudsters and cybercriminals will use that information in ways that keep on damaging your business and harming your customers.
What is a Data Breach?
Data breaches are incidents where an unauthorized person accesses, releases or copies data that is confidential, sensitive or protected in some way. That could be personal or payment information, health data, intellectual property or trade secrets.
Often, the targets are credit card numbers and social security numbers, as these can be used to make fraudulent payments, take out loans or otherwise access credit under the guise of being someone else. However, other common data breaches involve things like healthcare histories, customer lists, software source code, and other corporate information.
Whenever a person who is not supposed to be able to access this information does so, that constitutes a data breach.
Consequences of Data Breach
A breach of data can lead to identity theft, financial fraud and serious privacy violations for those who have had their data leaked, as well as a weakened market position and extensive reputational damage.
If you catch whoever is responsible, you can, of course, press charges. However, cybercriminals are getting sneakier all the time. As we’ll discuss in this article, it can take a long time after the fact to figure out that the breach has even occurred, by which time the damage has been done – to you and to your customers.
If you’re deemed to have played fast and loose with security, you may find that your company is held responsible by industry regulators, too. It’s important not to get complacent about this – far too many companies presume that they’re too small to be of interest or don’t have anything valuable enough to steal. In reality, hackers often launch far-reaching, indiscriminate attacks. Regardless of what they do with it later, the fact that a breach has taken place is bad enough in itself.
In fact, as this 2019 study by IBM and the Ponemon Institute shows, the average breach costs a company $3.9million and leaks 25,575 records, at a cost of $150 per record. Financially speaking, the US is the hardest-hit of any country.
How Do Data Breaches Happen?
Data can be breaches in several ways. An outsider might hack into a website and steal information from a database. They may be able to crack a weak password. They may exploit vulnerabilities caused by missing software patches. They may be able to access data on stolen devices that aren’t encrypted or password-protected.
Phishing scams are another common approach used to gather sensitive information and log-in details, while accidentally downloading a form of malware called spyware allows cybercriminals to track remotely what you’re doing on your computer. This can include keyloggers, which record the keys you press, allowing these people to capture your passwords and access sensitive information that way. This is a particularly surreptitious way of doing things because the victim often doesn’t notice for a very long time that someone else is using their sign-in credentials to access this information. It doesn’t leave a trace.
Once they’re in, as well as getting hold of data, hackers may also be able to take over computer microphones and cameras to capture even more information. You can read about how to avoid malware here.
Other problems are caused by rogue wireless networks that pick up sensitive information and sign-in details when users connect to them. If you aren’t using an encrypted connection to public WiFi, such as a VPN, It’s also very easy for someone else on the network with a little know-how to spy on what you’re doing online.
How Long Does it Take to Discover a Breach?
The longer they go on, the worse it gets, too. Breaches that go on for over 200 days cost a company around $1.2million more to fix than those that are caught earlier. What’s more, these costs can keep accumulating for years after the initial crisis.
In fact, many companies might take far longer realize they’d been hacked if it weren’t for someone else telling them. Leading cybersecurity company FireEye explains in its 2019 M-Trends report that, while companies are getting better at detecting breaches, only 60% identify the hack internally. The rest are noticed by someone outside the company.
But why does it take so long to realize there’s been a breach? The simple answer is that cybercriminals are getting smarter and sneakier.
Plus, the threat surface is ever-increasing. We now use more IoT-enabled devices than ever at work – including, in many cases, devices brought in from home that we use to connect to a business WiFi connection. That means there are more options than ever before that a hacker can explore, looking for vulnerabilities they can exploit to get into the network. It also means that monitoring all of these and scanning through them to figure out where an outsider crept in has become a complex, mammoth task.
How to Protect Yourself Against Data Breaches
There are a number of things you can do to steel yourself against hacks and to spot data breaches before they become disasters:
- Monitor your website carefully, keeping track of website alerts and watching out for sharp spikes in traffic. This can signal that an attack is underway.
- Invest in threat detection software to help you detect intrusions
- Set up a decoy data store called a “honeypot”. These don’t contain any useful data, but if a cybercriminal accesses one it sends out a warning so that you know an attack is underway.
- Use data from prior attacks to help you spot future ones, as cybercriminals often use the same tactics over and over again.
- Adopt robust security protocols, so that cybercriminals can’t get in through things like virtual office assistants.
- Remember to change passwords regularly and get everyone in your team to do the same.
- Always use a VPN when you’re connecting to a public WiFi connection.
- Train up employees to help them spot the signs of an attack and encourage them to report these promptly.
Finally, make sure you roll out state-of-the-art antivirus (AV) software to protect against spyware and other malware that could be used to gain access to your system or steal data. More on that below.
Top AV to Keep Your Data Safe
It’s vital that you choose a comprehensive AV program that will give you the necessary protection against data breaches, as well as other forms of viruses and malware. This is particularly true for smaller companies that may not have the means or resources to employ dedicated IT personnel to scan continually for attempted attacks.
The right technology will stay vigilant on your behalf, watching out for any unusual patterns in traffic coming to your site. It will also tackle attempted intrusions head-on before you even know you’re being attacked.
Plus, if you opt for a complete internet security package that comes with a VPN and password protection, you can cover several more anti-data breach bases in one go.
Here are some of the very best AV packages on the market for you to choose from:
McAfee recently added advanced threat detection to its offering and has seen dramatic improvements to its lab results. This has helped it climb back up the rankings to one of the best AV software packages out there. Plus, it’s compatible across pretty much all platforms, has a wide range of pricing tiers to suit any budget (no free one, though). The range of features is excellent, including online transaction protection, and the 24/7 support is highly rated.
Scans can be a bit on the slow side, though, and be aware that real-time protection can affect your operating speeds.
Avast offers state-of-the-art antivirus, anti-malware, and phishing protection. It even has a sandboxing tool, so you can test suspicious files in a safe environment. You can opt for extra features like the SafeZone Browser and password protection, while the more comprehensive packages include a firewall, permanent file shredder tool, VPN and adblocker. Make use of the free trial and 30-day money-back guarantee just in case it turns out not to be the right fit for you.
Note that you will need to buy a new license for every device you use it on. Also, if you need help removing a virus you need to pay for their specialist tech support. This does not come cheap.
If you’re serious about security, ignore the free version and go straight to the infinitely superior paid version of AVG Antivirus. This is a world apart and, even better, supports unlimited devices with a single subscription. Top benefits to watch out for include the file shredder and data safe, automatic updates, anti-theft phone tracker and automatic blocking of unsafe links. The 24/7 customer support is also very good, although you need to pay extra to speak to them over the phone. Installation can be a bit tedious, but you’ll get through it.
Panda also offers top malware protection, plus a swathe of interesting tools that can help you get more out of your devices. The application’s control feature helps you protect older computers and there are a lot of tools for performance tune-up, data protection, and backups. Among the other perks are a password manager, WiFi protection and 30-Day money-back guarantee.
There are some drawbacks, though. The firewall is a bit disappointing compared to many others on the market, you can’t opt-out of data sharing, and while the premium technical support is excellent, the free service doesn’t get glowing reviews
If you’re a bit of a technophobe, you’ll love BullGuard. It’s a super easy-to-use platform, plus the strong AV protection is reasonably priced and available for subscriptions as short as 6 months. Oh, and there’s a 15-day trial and a 30-day money-back guarantee, so you have plenty of time to check out its range tools, including a spam filter, safe browsing features, social media protection, and firewall.
There’s no ransomware protection, though, which is a bit of a downside. Also, you will need to get a new license for every device
These threats aren’t going away. Just because you’re not aware of having suffered a breach yet, that doesn’t mean you won’t at some point in the future. In fact, you might have been hacked already and you just haven’t spotted it yet as you aren’t aware of what is a data breach – but the costs are mounting away in the background. It’s crucial that you take steps to protect all the data you hold and if you have suffered a breach in the past, understand what to do after a data breach and learn from your mistakes. As FireEye explains, once you’ve been hit once, you’re highly likely to become a target again.
Invest in robust technology. Be vigilant. Don’t let a data breach cause chaos for your business.