There’s not a week that goes by when we don’t hear about another security breach on a large corporation or enterprise.

So the question is… what can we learn about these breaches to help secure our own business?

Well in this post I’m going to go into details on the biggest breaches of 2018, how they happened and how to protect your business against the same form of attack.

As a bonus, I’m going to tell you all about a tool that you can check to see if your details have been stolen.

Number 1: Exactis

You’ve probably never heard of this firm. I know I hadn’t.  They are a marketing company that does data aggregation.  Three hundred forty million records breached.  This happened back in June of 2018.

A security expert spotted an open database on one of their public servers. Whilst the data was not hacked; it was just sitting there waiting to be found.

How do you protect your business from this type of scenario?  Make sure you know where your data is stored and who has access. 

Implement a policy on any new IT infrastructure or cloud services that are being installed in the business and have some form of auditing on where data is located.

Number 2: Marriott hotels

I’m sure you’ve stayed at one of the Marriott group hotels in the past. 

These include:

  • Regis
  • The Luxury Collection
  • W Hotels
  • Sheraton
  • Westin
  • Le Meridien
  • Tribute Portfolio
  • Design Hotels
  • Four Points
  • Aloft
  • Element

Five hundred million customer records were breached between 2014 and September 2018. 

These were ongoing independent hacks over a prolonged period.  It’s surprising it was not spotted sooner. 

What can we learn from these type of attacks?

Make sure your IT security can scale with the size of your business and systems you have.  Marriott had both web portals, point of sale machines and internal databases hacked.

Any time you add a new system into your technology stack it posses a security risk.  Make sure you include all systems in an IT security audit.

Free Download: 2019 Small Business IT Security Blueprint

Protect your business this year with our free IT security planning guide.

[sdfile url=”https://gopher.co.uk/download/5031/”]

Number 3: Aadhar

Again this may not be an organisation you have heard of, but it’s a government agency based in India.

1.1 billion Indian residents personal details were breached including their social security number (ID number).  This happened back in March 2018.

It turns out their database system was running what’s known as an API – this is just a way for two different systems to speak to each other.  Anyway, the API was not secure, and data was being leaked to outside sources.

What can we learn here?  Well, there are a lot of these API’s in use, and if you are using any services that hook into products like Office 365 or G-Suite, then an API may be in use.

Make sure any services that you might sign up with that use an API that speaks to one of your other business systems is secure and legitimate.  The best way to check is by asking us.

Bonus

As promised we have a bonus – the above companies mentioned are only the top 3 of 2018 – there are many more.

You can check to see if your personal or business account has been hacked by using this free tool:  Have I Been Pwned.

This tool checks your company email address or personal address against a database of information that is actively being sold for profit on the web.  If you have had an account breached or would like to secure your IT systems, then please contact us.

Want to find out how we can help you?

Free Download: 2019 Small Business IT Security Blueprint

Protect your business this year with our free IT security planning guide.

[sdfile url=”https://gopher.co.uk/download/5031/”]