Examine 3 Recent Business Data Breaches & Learn How to Prevent Hacking

Today, businesses are more likely than not to experience a security threatWith the prevalence and variety of hacking techniques occurring today, organizations face a unique challenge of maintaining effective security of their systems and data. Here are some recent scenarios where major breaches occurred – and what companies could have done to prevent them.  

Breaking Down Recent Business Hacks and Security Vulnerabilities 

In the past three months, three different kinds of business security attacks highlight the importance of comprehensive enterprise IT security:  

  1. An Email Phishing Scam at a Fitness Retailer

Just this past April, customers of BodyBuilding.com found their data compromised. This was because the company fell victim to an email phishing scam which was discovered in February.  

A formal investigation finally tracked the source of the data breach down to a single phishing email that a business user received in July of 2018. Phishing scams are one of the oldest tricks in the books for hackers, and yet, they are still effective due to a lack of user scrutiny.  

An email appearing to be from a major bank asking users to verify their identities with a masked link can be a perfect opportunity to drop sensitive information directly in the hands of hackers. Due to the security breach, some BodyBuilders.com users potentially had their data compromised, including names, addresses, phone numbers, and the last four digits of their credit cards.  

The company could have easily avoided this security breach with better user education and security practices. Staff should know how to avoid phishing emails, and companies can supplement good user habits with effective anti-phishing software and firewalls, up-to-date antivirus software, and improved monitoring 

  1. A Ransomware Attack at DoctorsManagement Service 

Last December, medical billing specialist Doctors’ Management Service identified a security breach. Several months of investigation later revealed that the company was victim to the ransomware GandCrabAs a partner to dozens of hospitals, the compromised patient data potentially included names, social security numbers, insurance information, medical information, and drivers license numbers 

This security breach was an instance of a ransomware attack via Remote Desktop Protocol (RDP) from a DMS computer in 2017. According to security firm Avast as well as the US Department of Homeland Security, RDP ransomware attacks have been sharply increasing in frequency since mid-2016.  

Similar to phishing, ransomware prevention can start with good email practices. Establishing a strong business continuity & disaster recovery plan and data management system are also important for preventing downtime or other consequences of a ransomware attack. With a balance of remediation and prevention strategies, companies can benefit from the strongest security against ransomware.  

  1. An Unpatched Vulnerability at Oracle WebLogic 

This April, security experts found a critical zero-day vulnerability in Oracle WebLogic. This business application server is designed for organizations to easily and quickly deploy cloud-based services. However, the security hole discovered would enable attackers to run commands on the business server without any authorization whatsoever 

The security vulnerability has yet to be patched, but businesses can protect themselves by configuring specific settings for WebLogic 10x and WebLogic 12.1.3. Active threat monitoring of programs and subscribed services is a critical component of business security – companies who take these prevention steps now may dodge upcoming attacks that exploit this very vulnerability in the coming months.  

A Culture of Security Boils Down to Education and Diligence 

Maintaining good business network security is as much about culture as it is hardware or software solutions. All users across a network contribute to its security with good habits and a solid understanding of the ways that a system can be compromised. Education is critical to that end.

Businesses should actively educate staff on good security practices and facts. For example, emails–especially those originating outside the company–should never be trusted. Even emails that appear to have come from inside should be thoroughly scrutinized before opening attachments or sending a reply. Users should always alert supervisors or administrators about any suspicious emails, and never open unverified attachments.  

Staff should also know how to cross-check a sender’s email against headers, verify links without clicking them, and know which sites to avoid surfing over the business network. For remote or traveling employees, they should have access to a VPN so that company data stays safe even while users are accessing information on-the-go.

For a quick common-sense test on spottting a phishing attempt, check out this free informational site and quiz provided by Google: https://safe.page/. The quiz only takes a few minutes, but will present several common situations and methods that attackers might use in order to gain access to accounts and/or data.

How to Maintain the Best Security Against New Hacking Attempts 

Hackers are always coming up with new ways to breach systems, and even businesses who uphold today’s best practices in security could be vulnerable tomorrow. Unless a business is a security firm, chances are it is not capable of proactive systems security.  

For many businesses, the best way to uphold best practices in IT security for now and the future is to outsource network security to the experts. CDS has been delivering industry-leading security management to clients for over 40 years. Security solutions, including advanced malware protection (AMP), ransomware removal, and network segmentation, are available to meet the needs of any business, from small businesses to highly regulated government contracts.  

Ready to learn more? Contact us today and discover how our security solutions can protect your business and clients. With tailored, a la carte solutions to comprehensive managed technology services; we are prepared to meet the security needs of any enterprise, large or small.