Device on fire.

4 Companies Who Could Have Used a Data Loss Prevention Strategy

Last year, a total of 1.37 million records were stolen. That essentially means that one in every seven people was a victim of a data breach. In a time when cyber crime is on the rise and hackers are coming up with new, creative ways to take hold of your sensitive information, it’s important to take extra measures to safeguard your network. Enacting a data loss prevention (DLP) strategy can help your company keep its confidential data safe and out of the hands of cyber criminals.

In order to demonstrate just how important having a DLP strategy is, we’ve highlighted four instances where data loss prevention would have helped major companies avoid data breaches and the headaches that came along with them.

The England Prison System

When: 2008

What Happened: An employee of PA Consulting in London felt it would be wise to download the records of 84,000 prisoners onto a personal USB drive. She put the drive in her unlocked desk drawer, left for the weekend, and didn’t think of it again until Monday morning when she came back to the office to find it gone. An external investigation was launched, and it was determined that the likelihood of the USB being stolen to obtain the records was slim. However, it was still a possibility and therefore considered a data breach.

Impact: Needless to say, the prison was not happy, and immediately terminated their contract with PA Consulting. Their reasoning was a breach of contract. The outlined security provisions were not met, and now the compromised personal data of 84,000 prisoners were at risk of being misused and exposed.

Solution: The use of data loss prevention software could have prevented this entire debacle from happening. How? DLP software is able to detect sensitive network data (such as personal records) in emails and documents and prevent it from being sent or uploaded to an unauthorized, unsecured or portable storage location.

eBay

When: 2014

What Happened: A cyberattack compromised the names, addresses, dates of birth, and passwords of all its users. Apparently, hackers obtained the logins for three corporate employees and had total access to the inner workings of eBay’s network for 229 days before the intrusion was detected.

Impact: Ultimately, the personal information of 145 million users was compromised. While eBay said that the financial information of its customers was stored separately and not endangered, they still got flack for their lack of early communication about the breach and their poor password-renewal process. Apparently, the incident resulted in less user activity on the site for several months, however (luckily for eBay) the lasting negative impact was minimal.

Solution: Had eBay employed the use of multi-factor authentication, this embarrassment could have been prevented. In addition to requiring employee login credentials, hackers would’ve also been prompted for a specific piece of information or needed access to a certain device to get into eBay’s network.

Anthem

When: 2015

What Happened: An Anthem employee clicked on a link in a phishing email, giving hackers access to their business network. According to Fortune, an investigation found that a foreign government recruited hackers to send this email and gain entry into the healthcare provider’s network.

Impact: While Anthem stated that there was no evidence that members’ data had been sold or shared, the personal information of over 75 million current and former customers were still exposed without authorization. And, that data could still be used against them in the future. In addition to dealing with frustrated customers, Anthem paid $115 million dollars in fines, the most paid by a company for compliance violations. Ever.

Solution: If employees had anti-virus and malware detection software on their computers, they would have been alerted to this malicious email and its risky links, and Anthem could have avoided such a costly error. Additionally, employee education may have prevented the blunder. Taking time to educate employees on the importance of keeping sensitive data safe can go a long way in preventing data loss, especially when human error is responsible for approximately 70% of breaches.

Equifax

When: 2017

What Happened: This instance of data loss is possibly the most well-known data breach in recent history. A security vulnerability in one of Equifax’s websites went unpatched, and a hacker was able to gain access to their network.

Impact: The personal records of 143 million individuals (including Social Security numbers, birthdates, addresses, credit card information, and driver’s license numbers) were exposed.

The breach increased each individual’s risk of identity theft, and also resulted in the suspension of a $7.25 million contract the IRS had with Equifax.

Solution: Had these records been encrypted, hackers would have also needed a security code to unscramble them, thus reducing the likelihood they were ever exposed.

Protection. Protection. Protection.

Every single solution to these breaches is part of a strong DLP strategy. All of these situations could have been prevented with proper protocols in place. Our job is to help keep your business data safe by working with you to build an all-encompassing data loss prevention strategy.

If you’re interested in learning more about how your company can prevent the loss of sensitive information and reduce the risk of network intrusions, please reach out. At DMS, protecting your data is our priority.