Data breaches are in the news a lot these days, and 2019 has already been a doozy. From Coffee Meets Bagel to Coinmama, these corporate breaches resulted in leaked sensitive documents and stolen personal information, among other serious consequences. One thing is certain -- there's a great deal for businesses to learn from 2019's worst data breaches.
Let's dive into how these breaches happened, how they could have potentially been prevented, and what companies can learn from these incidents as we head into the next half of the year.
1. Turn to strong, unique passwords.
Earlier this year, TechCrunch reported a data breach in which a whopping 24 million mortgage and bank loan documents from major American lenders were leaked. The leak exposed mortgage and loan agreements, amortization schedules, and borrowers' sensitive personal information such as names, addresses, and even Social Security numbers. The leak occurred due to an unsecured online server that lacked password protection, allowing anyone to access millions of confidential documents.
To keep your company's data safe, always use strong and unique passwords. With that, each password should only be used with one account or server. Even better, build a highly skilled IT team that understands data privacy and server security.
2. Make a disposable email address.
On Valentine's Day, users of the dating app Coffee Meets Bagel received an email notifying them that their personal data had been compromised. A data breach had occurred in which hackers accessed personal information on six million of the app's users. The reason for the breach wasn't revealed, but the company's systems likely had a vulnerability that cybercriminals were able to exploit.
A breach can happen to any company at any time. Your company should have a security response plan so you can notify your customers if a security incident occurs. In addition, for added privacy, companies can help protect their users by encouraging them to use a disposable email address to keep their personal email addresses separate from the app. Also, it's advised consumers don't use their work email addresses for personal accounts.
3. Invest in vulnerability scanning solutions.
The third major data breach involved Coinmama, a company that lets users buy Bitcoins and Ethereum with a credit card. In this incident, Coinmama's database was hacked, compromising the personal information of 450,000 users. The company believes the leaked data involved the emails and passwords of users who signed up before August 5, 2017. As with the Coffee Meets Bagel breach, it's likely that Coinmama's systems had vulnerabilities that went undetected.
To avoid a similar fate to Coffee Meets Bagel's, companies should implement solutions that automatically scan and patch vulnerabilities on their websites and systems. This way, open vulnerabilities are fixed automatically. They can also provide users and customers with tips on how to recognize suspicious emails and advise them to avoid clicking links or downloading attachments from these emails.
4. Embrace end-to-end encryption.
Another 2019 data breach involved Earl Enterprises, the parent company of Buca di Beppo restaurant chains. The company announced that a 10-month long data hack had compromised the payment information of Buca di Beppo customers. The incident was caused by malware that infiltrated point-of-sale systems at various restaurant locations and collected sensitive information such as credit card numbers and cardholder names.
To prevent this from happening to your company, hire cybersecurity experts to check your system for vulnerabilities and to secure your point-of-sale system products. Another important practice is switching to end-to-end encryption, which keeps your customers' data encrypted during the entire payment process.
Protecting your company.
As these cases show, data breaches can happen to any company at any time. It's important to understand how they occurred and how to protect your company from similar incidents.
Ultimately, best cybersecurity practices are necessary to protect your users, company, reputation, and data. Some of the most essential steps are regularly monitoring and updating your systems, using secure and unique passwords, and educating employees, users, and customers on basic cybersecurity practices. By taking these steps, you can help prevent your company and customers from becoming the targets of 2019's next set of destructive data breaches.