Data Breaches Suck & What to Do About Them
Don’t you just hate data breaches?
They’re a pain in the neck and half the time you can’t even remember what you signed up for in the first place, right?
Now take that issue and apply it to your business, and imagine the damage a data breach from someone in the organisation could have on your operation. Potentially catastrophic, most likely expensive regardless.
Luckily there are a couple of (fairly) easy things you can do about them, to at least set you on the path to success, thanks to tools like SpiderFoot.
And anytime I can use a meme from The Room is a good day. Oh hi Mark. If you want to talk more about how to be proactive against breaches, feel free to DM me on Twitter/LinkedIn or contact Perspective Intelligence. Or consider buying my book 🙂
Article from LinkedIn below:
Don’t you just hate data breaches?
I know I do. “Oh, a sophisticated attack has stolen your password, personal details and your soul”, which we all know is code for spotty teenagers somewhere in Eastern Europe, or indeed, Northern Ireland if you’re TalkTalk.
One of the biggest problems that almost everyone faces is the sheer breadth of different online services we all signed up for a millennium ago, or 2018 when we take the pandemic out of the equation. You know, the one with the same password we’re using for everything else because it’s easy, and then totally forgotten about. Suddenly one day, they’ll get in touch and say they’ve had a proper whoopsie daisy, and now you’re in trouble. Amazing!
If you’re (un)fortunate enough to work in cybersecurity, then it’s not surprising. If, however, you’re much saner than to work in cyber, you may not realise the sheer availability and depth your second-hand passwords have online. There are forums and marketplaces all over the place selling this information. All of it geared toward making you think you’ve got an issue with your bank or your new favourite uncle in a country you never visited has left you a couple of hundred Bitcoins.
Or maybe it’s more malicious and is targeting your business. Perhaps that one time the office dodo (there’s always one, right?) signed up for some dodgy dating site with their work email (like a boss) has left open the keys to your castle. Especially when you don’t make staff change passwords (whether that’s a good idea or not), ensure they use multi-factor authentication or consider using a different password for different things (gasp!).
Opportunity Costs… Or does it?
There’s a problem with cyber, though, and that’s the bloody cost of it. If you can afford the latest AI-driven, dark blockchain snake oil toy, then good for you. But for most businesses, and according to official figures, there are 5.6 million of them in the UK as of December 2021, the six-figure sums being demanded by most companies are just too much. So how can you think about data breaches without breaking your bank (or sanity)?
Well, there are some great resources out there, like HaveIBeenPwned and its PwnedPasswords service, so you can check things like your entire email domain for previous breaches and make sure those accounts get updated or get extra vigilance. And then there’s SpiderFoot, which allows you to do things like attack surface management and scan your domains against tools like DeHashed. That may sound complicated, but really DeHashed is a database of data breach information, which can be incredibly helpful if you think you’ve suffered a whoopsie, as you can see exactly what was available so that you can protect all of that information better.
The above may be a little manual, but it could be a starting block to help you protect your business that little bit more, reducing the risk of a significant attack. Taking baby steps now can help you thrive in the long term. So if you do hate data breaches, think about how you’re going to stop them from harming your business.