Search results: data leaks

Mitigating Data Leaks | Part 2

26 Apr

How to Reduce and Mitigate Data Leaks

In the first article about data leakages, we took a deep dive into the causes and consequences that follow when private information from your business gets into the wrong hands.

Preventing unauthorised access to privileged information is essential for every company in the digital age. In this article, we take a look at some policies you can implement to secure your data and take you through a response plan that you can implement if a data leak occurs.

Plugging the leak before it happens

The majority of data leaks are not malicious. They usually take place as a result of human error, and it’s not easy to prevent your team from making mistakes no matter how well you train them.

However, it’s important and possible to implement systems that take away the potential for major data loss as a result of employees making simple mistakes.

Here are a few strategies you can employ in your business to secure your data against leakages

Train your team

  • IT security training is essential for all company employees in a modern business;
  • As part of this training, you’ll want to brief your team on secure email policy, how to identify risky behaviours, and why it’s important to never share sensitive company information with outsiders.

Implement zero trust security

  • Data leaks take place when the wrong person has access to your information;
  • Limit your team’s data privileges so that each member can only access files and other information that are essential to their tasks.

Automate your tracking and monitoring

  • There are many excellent types of software that will allow you to monitor suspicious behaviour like sensitive files being emailed outside of the organisation or unknown users accessing your folders.
  • Automatic alerts and access denials can be built in to help you respond swiftly to a data leak.

Mitigate data leaks within your organisation by further enforcing cybersecurity best practices, such as;

  • Controlling devices with a Mobile Device Management solution
  • Implement robust email security policies
  • Ensure strong printer controls
  • Enforce real-time data auditing

What to do if a data leak takes place

As with any security event, time is of the essence when you realise that a data leak has taken place in your business.

As soon as the leak is brought to your attention you should take the following steps to minimise the damage it may cause.

  • Identify the responsible party. This calls for a lot of honesty and trust between you and your team but it’s always better to admit your involvement in a data leak than trying to hide it.
  • Understand exactly what’s been leaked. By documenting the number of files that have leaked out of the organisation and knowing what they contain, you’ll have a good idea of what information could potentially be in the wrong hands.
  • Beef up your security to prevent future leaks. Once you understand exactly how the leak occurred you can take steps to ensure that the same chain of events never occurs again. This will help secure your company’s data in the future.

Secure cloud storage is an essential tool in preventing data leaks

One of the reasons why leaked data is so dangerous is that anyone can read it and use its contents to do harm. But if your data is encrypted and safe in the cloud, it’s highly unlikely that anyone will be able to access it – and even if they do it’ll be incredibly difficult for them to decode it and make sense of the contents.

A secure cloud storage solution could be your company’s secret weapon in the fight against data loss. To learn more, browse our range of packages and find one that suits your personal or business needs.

Understanding Data Leakages | Data Leaks Part 1

19 Apr

Understanding Data Leakages – Part 1

Cybercriminals are responsible for a huge amount of data-related crimes every year – but they aren’t the only ones responsible for the loss of sensitive business information.

A data leak, which is often the result of employee carelessness or weak IT security policies, can cause crucial information to flow out of your business, even if it wasn’t deliberate.

In this article we unpack the notion of a data leak, find out how it’s different from a data breach, And explore some of the ways data leaks occur.

is it a data leak or a data breach?

If your company suffers a sudden loss of sensitive data this is probably the first question your IT security consultant will ask. Knowing the difference between a data leak and a data breach is the first step in keeping your organisation’s information safe in the digital age.

  • A data leak is any unintentional sharing of sensitive information with an unauthorised user outside your organisation. As the name implies, the ‘leak’ usually takes place from the inside out and often involves an employee or trusted user.
  • A data breach is a deliberate attempt to break through your IT security system from the outside, usually by hackers or cyber criminals. This type of crime takes place from the outside in.

Put differently, the difference between a data leak and a data breach is like the difference between leaving your front door open and someone breaking the lock to get in.

what causes a data leak?

As we mentioned above, most data leaks take place due to negligence or carelessness. Here are the different types of data leaks along with the most likely cause of each one.

accidental data leaks

These data security failures take place by accident and are often caused by employees –

  • sending an email containing sensitive information to the wrong person
  • sharing access to confidential folders with people outside the organisation is another common cause of data leaks
  • taking videos of sensitive company information or events and sharing them on social media is another way data privacy can be compromised

malicious data leaks

This type of leak is deliberate, usually carried out by a disgruntled employee who –

  • seeks to discredit the company or blackmail the management

Malicious leaks often take place anonymously and it can be difficult to determine who the original culprit was.

data leaks carried out by outsiders

This type of incident is almost never an accident. Like a data breach, it is typically carried out by an outsider who plans to use the data for criminal purposes.

  • perpetrators will usually try to trick an employee of the company into sending them confidential or giving them access to privileged files and folders
  • IT managers can sometimes track and investigate this type of leak by flagging emails and folder access granted to people outside the organisation

data leaks caused by IT security failure

This type of leak is caused by incorrect network security settings or errors in mailing list automation software.

  • by the time the error is discovered, important data will probably already have leaked out of the company
  • identifying the cause of the leak and ensuring that doesn’t occur again is essential in this scenario.

protect your data from cybercriminals

No matter what causes a data leak, the cost to your business can be huge. Over the past few years, we’ve witnessed financially damaging data leaks at companies including household names like Nespresso.

Ensuring that your IT security is on point and that your data is encrypted and secured with cloud storage  will help you avoid a similar scenario in your own business.

In our next article, Data Leaks Part 2, we’ll explore the topic of data leaks in more detail and look at some ways you can protect your business against this preventable but damaging type of cybersecurity failure.

2021’s First Quarter Data Leaks Exceed 5-Billion

29 Jun

The first quarter of 2021 seems to be off to a good start – for cybercriminals, that is. According to new reports on Hackmageddon, the first few months of the year have been plagued with cyberattacks and data leaks, with February being the worst month of them all. While January had the most cyberattacks, 23 to be exact, February’s attacks (12 of them) resulted in the most significant data losses, with 3.4 billion records being breached.

An astounding 1.4 billion records were breached in January. Still, in February, when the COMB data leak was reported, it was found that nearly 70% of the world’s population was affected. That’s a lot of people! Before you start Google searching the “COMB data leak,” it actually refers to a “Combination of Many Breaches”, which was really the only way the researchers could compile and look at the breaches as a whole!

january & February data leaks

Research shows that data breached in January and February 2021, was a combination of emails and passwords that had been leaked before. These were the sign-in details of major sites, including the likes of LinkedIn and Netflix. Once the hackers had the information, they shared it with their hacker buddies on a hacking forum!

March must be the month that most hackers take their annual leave (sarcasm intended) because, during the month of March, only 153 billion records were breached, making it the quietest month of the year to date.

The award for the biggest data breach of the year thus far goes to Facebook. One fifth of their entire user network was recently affected in a data breach – leaving 533 million people exposed to hackers.

how can businesses protect themselves?

With data breaches as much on the rise in South Africa as the world over, downloading a free version of security software simply isn’t going to do enough to protect your business and its clients (and your employees too).

Industry professionals advise that businesses hire cybersecurity professionals who know what they are doing. Once you have your cybersecurity mechanisms in place, test them out because if you don’t, cybercriminals will. And they will find the weaknesses in your system and take advantage of them.

education is also an important factor

Any employee that uses a digital device, either one that belongs to the business or their own on your network, needs to be fully educated on the cybersecurity risks and how to behave when using the networks and devices.

Password updates need to be regular, and you must upgrade and enhance your security system as often as possible.

have you been a victim of a cyberattack in 2021?

Sharing stories and information plays a crucial role in helping others become more aware of the risks out there and how they can be overcome. If you or your business has been a victim of a cyberattack/breach this year, share your story with us!

Data is your responsibility | data backup

17 May

Make data your responsibility 365 days a year

Today, productivity is taking place in the cloud more than ever before. In fact, it’s hard to imagine a time when we used to rely on physical storage like hard drives to keep our data safe. Switching to cloud-based apps and online backup for business and personal use comes with a raft of benefits, but it also means that every member of your organisation needs to understand that “data is your responsibility” for good cybersecurity.

Here are some ways you can encourage data responsibility in your business and keep your sensitive information safe in the cloud.

everyone is online nowadays, hackers  included

The past two decades have seen a major shift towards cloud-based computing as Internet bandwidth has increased and more organisations switch to decentralized remote-based working.

  • In most industries, specialised software that used to come on CD, DVD or- if you’re old enough to remember these – floppy disks, is increasingly available for download on a subscription basis.
  • For users these innovations mean connecting to the Internet to access data from servers around the world every time a computer is used in the workplace.
  • Billions of people accessing information online every day means that the opportunity for cybercrime has skyrocketed in recent years.

To fully benefit from the convenience and productivity boosting features of cloud-based apps you need to ensure that every single user on your network takes responsibility for the safety of the data they use, twenty-four-seven and 365 days a year.

data security from the ground up

To keep your business information safe and prevent data leaks or hacking attempts, you’ll want to consider the following strategies:

  • Start with the basics. Up-to-date antivirus software, a strong firewall, secure passwords, zero trust, and a strict privacy policy form the bedrock of your cyber security approach
  • Train positive behaviours at work. It’s essential to instil a sense of responsibility in your team for all the data that they use on a regular basis and ensure that no sensitive information is shared with unauthorised users.
  • Keep your cloud cloud-based data safe with secure encryption. This type of data is difficult to decipher even if it’s leaked, making encryption your front line defence against unauthorised data access and hackers.

make data your responsibility and stay safe in the cloud with Soteria

As your company embraces cloud-based productivity, our range of secure cloud storage solutions will help keep your information out of the wrong hands. To learn more, contact the Soteria team today.

Nespresso Data leak | Cybercrime

22 Mar

It’s a Caffeine hit with Nespresso Data leak

Cybersecurity has been in the headlines a lot lately, with South African companies increasingly falling victim to hacking, malware, and data breaches.

Two of South Africa’s best loved brands, Absa and Nespresso, recently had their share of cybercrime trouble when the companies suffered large data breaches in which the personal information of their clients, suppliers, and distributors was at risk.

Here’s what you need to know about these major cybersecurity failures as we all do our best to stay safe online

Nespresso data breach: jitters caused by the latest major data leak to hit SA

Many of us like to start our day with a nice fresh cup of coffee, but for Nespresso distributor Top Coffee, the morning of March 8 began with something less appealing: a huge data leak.

The company, which is responsible for distributing the well-known Nespresso machine and the variety of coffee pods that go with it throughout South Africa, holds a significant amount of personal information relating to clients and coffee retailers in its database.

While Top Coffee was quick to point out that no sensitive financial information is likely to have been leaked, highly personal information like names and phone numbers may have been part of the data that was lost. The company has since fixed the error that lead to this incident and assured clients that their data has been protected.

Nespresso is just one of hundreds of South African companies that have fallen victim to cybercrime over the past few years, with the number of these incidents having increased since 2020.

Absa data leak update: 15 months later, worse than we thought?

Clients and suppliers were shocked in November 2020 when Absa announced that it had been the victim of a major data leak . The bank, which has almost R1.4 trillion in financial assets and 9.7 million customers throughout South Africa, was widely respected for its comprehensive digital security measures until the breach occurred.

According to Absa, the personal information of many clients may have been compromised in the leak. The bank is in the process of contacting clients who were directly affected on an individual basis.

This information was released by Absa following an extended investigation by the bank that lasted more than a year.

These two major data breaches highlight the importance of having comprehensive data backup and security in place no matter how large or small your organisation may be.

be proactive: protect your data with secure cloud storage

Cybersecurity measures like a strong firewall, updated antivirus software, and secure cloud storage are some of the ways you can protect your business against data-related crimes. Reduce the downtime and recovery of an unwanted data leak with encrypted and automated online backup.

To learn more about our range of cloud storage solutions, contact the Soteria team today.

South Africans are ‘pwned’ in worst data leak ever

28 Nov

Having your personal information and data compromised can mean serious problems for both private individuals and corporations. The biggest data leak to date in South Africa, was recently discovered by Troy Hunt, the regional director of Microsoft.

The information that Hunt found online contained over 30 GB of data detailing the ID numbers, income details, occupations and addresses of over 30 million South Africans! Even more concerning is that no-one really knows what this breach means. There has been no claim or indication of whether it was posted online with the intention to cause damage, commit fraud or simply as a result of pure ignorance/negligence.

Is the leaked info that Troy Hunt found legitimate?

The file that Troy stumbled across was called “masterdeeds” which immediately piqued his interested. He turned to Twitter to ask the general public what should be done.

In an attempt to determine legitimacy, several South African followers offered to compare their personal particulars with those that Troy had found and sure enough, the details were accurate! This type of leak is often caused by a lack of correct protocols and set practices in departments where sensitive information and data is handled.

Troy Hunt – SA public hero #1

Troy Hunt is a Microsoft regional director, and owner of website “haveibeenpwned.com”. This website is a public service that enables individuals (and businesses) to check if any of their email addresses have been compromised by hacks.

Troy Hunt added all the email addresses related to the recently publicised hack to the haveibeenpwned.com database, so there’s no time like the present to check if your personal information has been affected. The leaked information dates all the way back to 1990, so you might want to check multiple email accounts, even ones that you haven’t used in years.

Are data leaks always going to plague the world?

Ignorance is often to blame for data leaks and hacks. If more people understood the dangers in a data leak and how they actually happen, there would probably be far fewer occurrences. There are a few ways in which you can safe guard yourself from them though. Consider these tips:

  • Don’t keep sensitive data stored on local machines where everyone has the same access
  • Make sure that sensitive data is backed up with data encryption and not stored locally
  • Don’t use the same password across all accounts and platforms
  • Make sure that your passwords are strong and are not based on things people could easily guess from your personal information
  • Use a tool such as LastPass to create, store and protect your passwords.
  • Have you been “pwned”?

It’s time to start taking steps towards protecting yourself against data leaks and breaches! Safeguard your data by backing up regularly to the cloud regularly and don’t forget to check if your details have been made public!

Cloud Security Requires Team Effort | Secure Cloud Storage

25 Jan

Cloud Security in 2022 Needs to be a Team Effort

Secure cloud storage has opened up a whole universe of possibilities for companies and individuals around the world. With data being available from anywhere at any time, the days of being tied to your hard drive and other storage devices seems like a distant memory.

But like everything else, cloud storage isn’t immune to the bad intentions of criminals.

To make use of this innovative technology safely, cloud security should be a team effort, requiring  individuals and companies to work together to enhance their online security in 2022.

Here are some of the big security challenges facing the world and SA this year and some strategies you can implement in your business to make sure you meet the challenge.

cybercrime is a very real threat

As if securing your home and business from physical thieves wasn’t enough, you’ll also need to ensure that your data  is safe this year.

Cybercrime has been with us as long as the internet has existed, but the number and severity of data leaks and successful large-scale hacking attempts have intensified since the pandemic began.

  • Cyberattacks are increasing exponentially around the world, with a number of these events taking place in the first quarter of 2021 alone exceeding the total count for 2019.
  • This trajectory is set to intensify in 2022 as remote working and e-commerce continue to grow in popularity.

South Africans who believe that we are immune to the worst of these attacks may have another thing coming – and that thing may be a data breach.

With several companies and government departments having been hacked over the festive season, the reality is sinking in that cybersecurity is a very real priority for organisations across the country.

keeping an eye on the cloud

As a provider of secure cloud storage, we’re sometimes surprised that some businesses play fast and loose with their online security.

The huge advantages of cloud storage – the biggest one being instant access from anywhere, at any time – can also pose a risk because an authorised user who successfully breaches your cybersecurity barriers can access your data just as quickly as you can.

as threats grow, cloud security requires team effort

Keeping your cloud data safe is a bit like keeping other valuables safe. It’s all about vigilance as a whole. If just one person drops their guard or leaves the safe door open – you all lose.

  • If you have a lot of valuables in your safe, you’ll want to keep that safe absolutely secure and out of the wrong hands.
  • By the same token, the data in your cloud storage needs to be kept absolutely safe, with only authorised users having access to it.

From a business point of view, this means coordination between various departments and working closely with your IT consultant to ensure that a data breach isn’t one of the things you need to worry about this year.

don’t let your crypto get pickpocketed

An especially costly form of cybercrime that uses cloud data breaches is becoming more frequent around the world.

  • Crypto hacking and cyber mining take place when an attacker gains access to your cryptocurrency data and either siphons it off, locks you out of your own crypto account, or uses your crypto mining resources for their own benefit.
  • While some of the perpetrators of these crimes claim they are just skimming off the top, there’s no way that this form of cybercrime can be seen as harmless.

Ensuring that no authorised users gain access to your cloud data has become essential in the age of cryptocurrency, because a single data breach has the potential to clean out a large chunk of your total assets for good.

making data security everyone’s concern

Cybersecurity issues affect everyone in the organisation and beyond, with clients and suppliers sometimes being targeted in a chain attack.

For this reason, it’s important that every employee makes it their business to be cybersecurity savvy and that organisations provide them with the required training so that they can spot the signs of a cyberattack and know what to do in the situation when time is of the essence.

secure cloud storage : the bedrock of your digital security strategy for 2022

Secure cloud storage is the first step towards a fully online and secure business. To learn more about our range of cloud storage solutions, visit our website today.

Cyber-incident Response Plan | Cybercrime

9 Nov

How to Build a Cyber-incident Response Plan

No matter how hard you work to prevent data leaks or hacking incidents, the sheer number of these events taking place recently means that your business may have to deal with the reality of being the target of cybercrime in the future.

Like any crisis, it’s what you do in the hours and days following the incident that makes all the difference when it comes to mitigating damage.

A rock-solid cyber-incident response plan can help get your business functioning again after a cyberattack. Here’s how to create one.

the growing need for cyber security response

Whenever a crime takes place, a rapid and powerful response is needed – and the same applies to digital crimes.

  • With 98% of companies having been exposed to a cloud data breach in the past 18 months, the need for decisive action in the wake of an online attack has never been greater.
  • Don’t wait until it’s too late to implement an incident response system. By putting a plan together now, your business will be in a strong position to respond in the face of an online security breach.

here’s what a good incident response plan looks like

There are several components that form part of an effective response plan. Here’s what you need to implement in your business to minimise the effects of a cyberattack.

Image: https://powerslides.com/

 

  • Accountability. Assigning senior staff members and executives to the security response team will ensure that the people with the authority to make decisions are available if and when an attack takes place.
  • Roles and contacts. Knowing exactly who will be responsible for each aspect of the response plan ahead of time will allow you to act swiftly in the event of an attack with the help of your IT department or cybersecurity consultant.
  • Communication methods and Plan Bs. It’s worth noting that communication channels like VoIP and email may be down in the wake of a cyberattack. Traditional communication methods like telephone and text messaging will be crucial in this scenario.
  • Recording the incident. Any good investigation needs to establish what happened, when it began, what departments of the business were affected, and who the possible suspect/s might be. Reporting this information with the help of your IT department will be crucial in the minutes and hours following a cyberattack.
  • Containment, eradication, and recovery. Depending on the scale of the damage caused by a cyberattack, your IT department may decide to watch and wait in order to gain important clues about the attackers or take measures to contain the damage -including shutting down the company’s entire IT network.

Minimising the damage that a cyberattack can do to your business starts with your IT infrastructure. To find out how secure cloud storage can protect your data, chat with our team today.

Image courtesy of: https://powerslides.com/powerpoint-business/project-management-templates/incident-response-plan/ 

End-to-end encryption | Mobile Apps  

14 Dec

How to keep end-to-end encryption on – when it’s ended!

Data encryption is essential if you want to make sure that only you and the person you’re chatting with have access to the content of your messages.

With an increasing number of leaks emerging from popular messaging apps including WhatsApp in recent months, keeping your private communications private has never been more important.

If you’re a WhatsApp user, here’s everything you need to know about end to end encryption and how to activate it on your device.

are your whatsApp messages really safe?

When you send and receive text messages the least you would expect is that no third parties should be able to read them.

  • To keep your messages private, apps like WhatsApp encrypt every message you send on both ends.
  • E2E encryption means that once you send a message it’s essentially scrambled until it arrives on the recipient’s phone – but there’s a little loophole here.
  • Your messages may be encrypted, but if you use cloud backup they could still be accessed by hackers or law enforcement authorities.

To address this hole in their data security, WhatsApp has introduced the new encryption system for cloud backups of chat messages.

By selecting cloud encryption and setting a password or 64-bit access key, you can give your backed up messages the same level of security as the WhatsApp messages currently on your phone.

how to activate E2E encryption on whatsApp

You can secure the privacy of your messages on an iPhone in a few easy steps:

 

how to add end-to-end encryption

 

  1. Open WhatsApp on your phone.
  2. Tap on Settings.
  3. Follow this tap sequence: Chats > Chat Backup > End-to-end Encrypted Backup.
  4. Tap on Continue, then create a password or 64-bit key.
  5. Tap on Done – and you’re done!

*Note: If you don’t and encrypted backup option on your phone yet, hang tight – this feature is currently being rolled out to users.

Keep your data safe data safe with encrypted cloud storage

The data you need to keep safe goes way beyond WhatsApp messages.

A truly comprehensive data security policy should cover all your sensitive electronic information. Our range of cloud backup solutions is the ideal tool to keep your data safe. Contact us today to learn more.

Cyber Security in SA – What Are Our Weak Spots?

4 Jul

As SA moves from number 58 to 31 in the rankings on the most ransomware attacks globally, we take a look at our weaknesses and vulnerability as a country.

It seems that now is the time for cyber-security experts to join forces to bring about new awareness of cyber threats in the country. The statistics are not altogether unbelievable when you consider that in 2016, ransomware attacks increased by a whopping 400%. That translates to an average of 4 000 ransomware attacks each day, and that’s just the attacks that are reported and that we are aware of. While the USA is in total despair over the millions of dollars being wasted on cyber-attacks, South Africa should take heed and raise the levels of security threat awareness.

In 2016 South Africa ranked at number 58 in the list of the 117 countries suffering the most cyber attacks. In less than a year, SA has jumped up to the 31st most attacked country, losing around R50 billion to such attacks.

SA industry experts must be doing something wrong…or at least consumers, business owners and the public sector are suffering bliss through ignorance. Something has to be done and it’s believed that now is the time for industry role players to get to work creating better public awareness of threats and educating people on how to safeguard themselves, business and family from cyber related crimes.

Where South Africa’s Cyber Security Fails

One of the biggest cyber security weak spots in SA is how people and businesses view the threat of cybercrime. The severity and danger of data theft and leaks is often not fully grasped as the criminal can’t physically be seen and the threat doesn’t appear to be life-threatening.

This is where so many people put themselves at even greater risk. Just because one cannot see the weapon being wielded does not mean that the threat does not exist. As a result, when a business or a consumer becomes a victim of cybercrime, they don’t report it to the relevant authorities (insurance providers and the police).

Of course that’s not the only reason why such crimes aren’t reported in SA. In some instances, a business will fear losing face and the loyalty of their consumers.

Other weaknesses in SA cyber security include:

1. Unsecured internet facing servers
2. Outdated or no email encryption in place
3. No IT professionals on site or advising on general cyber security practices in the work place
4. Little to no security threat awareness or protections in place
5. Storing sensitive data and information on site instead of backing up to the cloud (with data encryption)

What SA Needs to Do About its Cyber Security Status

South Africa has a proposed Cybercrime and Cybersecurity Bill where criminals will be brought to book. The general consensus amongst industry leaders is that the country as a whole needs to prevent the problem instead of simply looking for a course of action that can be taken after the fact.

The first step that South African’s need to take is to understand the value in data encrypted back-ups.

How does this help? Ransomware basically holds your computer or hard drive data hostage in exchange for money. If the only copy that you have of your data is on your personal or business device, you have no option. You either pay the money over or suffer the loss of your data. However, with back-ups, you can simply restore your data (from your backup) once the device has been cleared of the ransomware without having to pay a cent. It’s a fail proof disaster recovery strategy

Installing early detection and threat prevention software is also important. If you are transacting online and don’t have security on your device, you’re at risk. Big risk.

Lastly, it’s also essential to educate your workforce on the potential threats and how to conduct themselves with business devices, systems and networks to mitigate such security threats. With everyone doing their bit to create awareness and conduct themselves safely online and with business data, we can change those shocking statistics.

If you want to get started with improving on your cyber security, take the time to learn more about the features of encrypted data backup and consider one of our packages for home and business computers and devices.