Protecting Individuals and Businesses From Data Breaches

Published on 13 Nov 2020

Updated on 16 Nov 2020

There has been an increase in the number of reports of data breaches globally. For individuals, their leaked personal data and information may be used by threat actors to carry out targeted phishing attacks or impersonation. The impact of data breaches for businesses can also be severe, resulting in a loss of trust or reputation for the businesses, as business or customers’ personal data are leaked or put up for sale online. In other cases, the data is held at ransom by cyber criminals, and may not be returned even if a ransom is paid. 

For individuals, practising good cyber hygiene measures can help to mitigate the impact of having their data exposed, in the event of a data breach. Businesses also need to raise their defences against common data breach vectors to reduce the risks of a possible data breach. Businesses should also put in place adequate measures to minimise the impact of a data breach on their customers.


Common Causes of Data Breach

Weak/Stolen Passwords 
Weak password management provide an easy means for threat actors to gain access into a system.  This includes the use of weak passwords that can be easily cracked, such as those that comprise personal information or easy-to-guess passwords. Passwords are the keys to a lock, and should be safeguarded in both the physical and cyber realms.

Unpatched Vulnerabilities
Vulnerabilities which are left unpatched could be exploited by threat actors to gain access into networks or systems to perform various malicious actions, such as modification of files, data exfiltration, and installation of malware or ransomware.

Phishing
Phishing is a popular technique used to obtain sensitive information such as login credentials or credit card details. A phishing email is an email disguised as being sent from a legitimate entity, tricking victims into clicking on a phishing link. Clicking the link will lead to a phishing page which would request for the victims' confidential details or cause the victim's computer to be infected with malware. Phishing may also be conducted via SMS or social media.

Insider Threats 
Insider threats may take the form of deliberate actions by disgruntled/rogue employees who knowingly leak data to competitors or sell them for financial gain. They may also take the form of unintended actions by careless employees who lose data-storage devices, or sends confidential emails to the wrong recipients. 

Cybersecurity Measures For Individuals

  • Use a strong password of at least 12 characters which includes upper case, lower case, numbers and/or special characters.
  • Avoid using the same password for different accounts.
  • Enable two-factor authentication (2FA), where available.
  • Ensure that an antivirus software is installed on your device and update it regularly.
  • Perform antivirus scans regularly to remove any known malware on your device.
  • Enable password protection on data storage devices and lock them up when not in use.
  • Avoid sharing personal information online and limit access to social media accounts as threat actors commonly look for and use such personal information to carry out targeted phishing.
  • Always be wary of suspicious emails and verify before clicking any links or downloading any attachments, especially if the email comes from an unfamiliar sender. 
  • Verify a link in an email/SMS by checking the domain name of the site, as it is an indicator of whether the site is legitimate. Users can hover their mouse over the link to ensure that they are being directed to the URL stated. 
  • Avoid using public Wi-Fi when accessing bank accounts and logging in to websites that require sensitive personal information such as banking details and login details, as others may spy on the public network and intercept it. 

When Performing Online Transactions

  • Consider designating a single credit card for all online purchases and closely monitor transaction alerts via SMS or email. Individuals may also customise a daily transaction limit to prevent large transactions from occurring if your account were to be compromised.
  • Ensure that the website supports secure payment service. You can verify that the website is legitimate and trustworthy by checking the Secure Sockets Layer (SSL) certificate through the lock icon on your browser’s URL bar. This SSL certificate also enables encryption on the website through Hypertext Transfer Protocol Secure (HTTPS). Users should avoid websites that do not support HTTPS.

Individuals may also check if their email account details have been leaked in a past data breach by visiting ‘have I been pwned’ (HIBP). Email addresses flagged by the HIBP webpage are those that were exposed during a prior online platform data breach, where the email address was used as a login credential. Although it may not mean that the email account has been compromised, individuals should consider to change to a strong password and enable 2FA on the account. 

Cybersecurity Measures For Businesses

To reduce the risk or impact of a data breach, businesses are recommended to adopt the following cybersecurity measures to secure their infrastructure and systems.

  • Limit privileged access to authorised personnel. This reduces the risk of privileged account abuse or compromise. 
  • Update systems, software and applications to patch existing vulnerabilities.
  • Perform antivirus scans regularly, and keep antivirus software updated with the latest malware signature files.
  • Encrypt important or sensitive data so that even if the encrypted data is stolen/leaked, the damage will be limited. Sensitive data should not be publicly accessible or left unencrypted.
  • Monitor databases for suspicious activities, such as unauthorised copying or exfiltration of Personally Identifiable Information (PII) or important business data.
  • Monitor outbound network traffic for unauthorised communications or data transmissions. For cloud-native applications, ensure proper configuration of security settings and access control. 
  • Maintain an updated backup of all the important data to facilitate restoration in the event of a ransomware attack, or a data breach resulting in data loss. The backup should be stored offline and not connected to the enterprise network.
  • Conduct security awareness training for employees to learn good cyber hygiene practices such as proper management of important data, and identifying of phishing emails.

In addition to these cybersecurity measures, businesses should also develop a data security plan specific to the company's context that outlines how sensitive company data should be used, and the destruction of data that is no longer needed.


For Businesses With an Online Presence

  • Avoid storing credit card information on your site by using a good secure payment gateway which has robust checks and validation. Examples of such payment gateway services includes those that are tested and approved by the Payment Card Industry Council (PCI). If storing credit card information is necessary, businesses may wish to follow standards such as the PCI Data Security Standards.
  • Enforce the need for customers to use a strong password for their online account. Where possible, businesses should implement a two-factor authentication (2FA) as part of the customer login process. 
  • Businesses should also install Secure Sockets Layer (SSL) certificates on their web server to secure and safeguard any data that is sent from the browser to the web server. This prevents threat actors from accessing or modifying any information transferred during a transaction, such as customer’s personal particulars or credit card details. 
  • Use a web application firewall to protect your website from common attacks such as SQL injection, cross-site scripting, and cross-site request forgery.


Data Breach Response Plan
 

Besides preventive measures, businesses should also develop a data breach response plan that should encompass both administrative and containment/recovery actions if a data breach is detected.

Administrative Actions

  • Lodge a police report if criminal activities (such as hacking or theft) is suspected.
  • If you believe your employees/customers PII data was compromised, report the incident to the Personal Data Protection Commission (PDPC) at https://eservice.pdpc.gov.sg/case/db. PDPC has also developed a guide to managing data breach.
  • Contact your affected customers, if any, to take steps on securing their accounts.
  • Develop a crisis communications plan for communicating how the company is managing the data breach.

Containment/Recovery Actions

  • Conduct an internal investigation to determine how the data breach occurred. Businesses may wish to consider engaging the professional services of a vendor if the data breach occurred as a result of an intrusion into the company’s system, so as to properly clean up and remediate the breach.
  • If necessary, restore your system to a clean backup, and/or rebuild the compromised system.
  • Perform an antivirus scan to detect and remove any malware in the systems, and patch all systems and software.
  • Monitor the database and systems for any further suspicious activities. 


References: