Criminal activities in terms of stealing or theft has a history of its own.
If researched well, it not only brings out interesting yet devious ideas that thieves used. It also reveals an internal war which was and is still is heinous then the 2nd world war itself.
A war between the people who are trying to fill the loopholes to maintain economic and commercial stability and the others who are hellbent on finding the loop holes to disrupt the stability for their own good.
Why is this disturbing?
Well, let us start with an example of a leading manufacturing company who has just invented a new tool for faster production and is now looking for patency.
What if, somebody within the company gets their hands on that new invention and sells it to another company?
That company receives patency for the new tool while the one who designed and developed it receives no recognition for it. What follows is a lengthy court battle that can go in the favor of anyone?
If the above example is not disturbing, then let me make it a bit more ‘personal’. You lost your wallet while travelling by bus. The wallet has your debit and credit card. Worse, the pin numbers are also written on a chit. Before you know it, the person who got your wallet has robbed you of all the money you saved.
How will you feel?
This is called a Security Breach. It comes in various forms but whatever the form, it affects everything in its path – heavy losses, tarnished image in the global market, costly law suits, loss of employment… your world just comes crashing down in a blink of an eye.
Meaning of Security or Data Breach
A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
Data breaches may involve financial information such as credit card & debit card details, bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property.
Most data breaches involve overexposed and vulnerable unstructured data – files, documents, and sensitive information.
Be it personal information or professional information, such information should never be revealed or shared with anyone unless the other party has the desired authorization or permission to access those records.
The spate of cybersecurity crime or attacks have risen leading to a lot of organizations and individuals being made aware about security breaches and what can be or should be done to avoid it.
Below are some methods that result in a security breach: –
MAN-IN-THE-MIDDLE ATTACK
You enter a coffee shop and find out that it has free wi-fi. You decide to use it and do everything. Browse Facebook, take selfies and upload it to Instagram, even check your emails – be it personal or professional. While you enjoyed using the free wi-fi facility, your data has already been copied, captured and is being utilized by somebody else for his personal gains.
How did it happen?
Well, he hacked the wi-fi. This is called MAN-IN-THE-MIDDLE ATTACK. He found a simple weakness and made use of it. Of all the people in the world, he targeted your IP and copied all important data from your phone or laptop. And all this happened without anyone noticing that a breach just happened.
Don’t get drawn into the ‘luxury’ of free wi-fi especially in public areas where everyone has access to it including a master hacker. Free wi-fi is never safe even if the shop states that they will provide the password for usage. That password has been used by a lot of people and a master hacker has already stolen the IP to find his next target.
My advice – please avoid it at all cost. Even if it is your own wi-fi, if you have provided the password to anyone, it is recommended to change it immediately after usage.
DENIAL-OF-SERVICE ATTACKS
Ever come across a situation in your office where all work is going smoothly when suddenly, the internet goes down. Latency kicks in and it becomes increasingly difficult working through applications that are taking ages to load and reload. Soon, everything stops and there is no other choice but to sit and wait for the IT team to ‘clean up’ the server.
What you do not know is that this could be a hacker’s doing? The person has hacked into the server IP and created a situation where heavy load of website traffic has been passed through it that has led to overload and subsequently, latency in internet connection.
While this is not a breach, this will lead to a breach. The moment where the internet is down, and people are sitting and waiting for it the server to be up and running, this is a vulnerable moment where the hacker can do his/her job of breaching into all security measures and gaining access to important documents and files.
How to avoid this? The moment you see even a bit of latency in your system, notify your supervisor or your manager. It does not matter if it is latency of one system or 2 systems, the manager needs to be notified of the same who will immediately notify the IT team to check the cause of it.
Immediate redressal of a situation is enough to stop any form of data breach that may occur during that vulnerable time of system latency.
PHISHING AND SPEAR PHISHING
Ever come across an email that provides a lucrative offer from a bank or a company and asks you to click on a link to check the offer. When you click the link, it takes you to a page that requests you to enter personal details with the hope that they will contact you regarding that offer.
Be aware, this is a phishing email. It has been sent to you with a purpose to collect personal details and forge it later for unethical purposes. And not just you, this has been sent to a group of people with the intention of gathering as many personal data from people as possible.
Spear phishing is almost the same though the only difference is that the email targets a specific person of interest. It can be government official or a military official in an effort to forge documents and gain access to secrets which only they have access to. It can also be a president, vice president or CEO of a company.
There are cases where a company lost a contract or a tender because a company official provided the quotations to an unknown person.
That unknown person was sent as a spy to investigate everything about the person of interest, to get acquainted with him and learn everything about him including his personal interests and secrets. Using all these knowledges, he was able to collect all information either through an email or a hard copy and in turn handover all those secrets to a 3rd party.
Never ever fall for such traps. If you come across an email of that kind, always check the link. Hovering over the link will easily tell you if it is a phishing email. The difference between http:// and https://, the wordings on the link and where the link is directed towards is all it takes to prevent a breach.
If you are VIP or in a position that involves handling of important files or documents, be aware of the type of people you are dealing with. Not everyone is a friend or an acquaintance.
Not everyone approaching you is doing it with the intent of being friends, he/she may have an ulterior motive and the first sign you see that indicates the same, immediately perform a background check of that person.
If you have to involve the police or any authority dealing with countering such unethical practices, do so as soon as possible.
A data breach occurred due to your negligence can not only tarnish your reputation but also the reputation of the organization you are a part of.
PASSWORD ATTACK
Gone are the days when creating password was an easy job. Like literally. Your mother’s or father’s name, your dog’s name or cat’s name, the name of your girlfriend or boyfriend (which ‘naturally’ changes after a breakup) and then your spouse’s name… stop right there. For the sake of humanity’s survival, I implore you to.
Creating a password is no more an easy drill, not even a joke. Your personal data is no more secure as you think even if it is on your laptop, or phone or tab.
Actually, no data on any system is secure and the reason is simple… your password.
It doesn’t need a hacker to create a powerful code or virus to tap into your system and capture details. All it takes is to learn everything about you, your family background, your hobbies or interest, your relationship(s), etc.
Once done, all the hacker needs to do is find a system, open the application he needs to access to and type – myjanu@123, and voila, he has gained access. Believe it, people. An easy to decipher password is one of the prime reasons for a security breach and can cost any organization billions of dollars of losses.
How to avoid this? –
- Avoid personal information on your password – names, city names, street names, your favorite movie or video game, etc.
- Avoid sequential numbering – 123, 456, 123456, 789, 0000
- Password length should be at least 8-15 digits and should mandatorily have special characters.
- Do not, at any cost, write down or have the password saved anywhere. Be it a notepad, mobile or laptop, try to memorize it.
- Avoid password sharing. Do not at any cost share the password with anyone. Nobody has the right to ask or force you to ask a password. Does not matter if it your colleague, friend or even your manager. Be firm in your stance and report to the concerned authority if you ever face such a situation.
- Periodically change your password. Make it a habit to change it weekly or bi-weekly. If you get a notification to change your password, do not neglect it. Change it to avoid any further complications.
- In case you have forgotten your password at work, report immediately to your manager or the IT team to create a new password for you. Do not ask anybody else for their password to gain access. Be responsible and make others understand their responsibility too.
EAVSESDROP ATTACK
This is form of security breach where the hacker poses to be a trusted server and while you use the server to carry out your daily tasks, the hacker is able to gain all information like your debit or credit card details, your bank account details or even your personal information from social media sites.
It is very important to check whether the server we are using is from a trusted organization or not.
Usage of VPN from an unregistered source can be fatal and therefore, be cautious. Organizations, especially, avoid open-sourced software or applications and instead go into a contract with a registered company for usage of server or VPN.
As for individuals, if it is necessary, make a checklist of top-rated and registered companies that provide a secure server or VPN for your purposes. If you want to use an open-source software, make sure it is from a trusted source. Research well before utilizing it.
Hackers can also tap into phonelines or email trails to ‘eavesdrop’ on any dealings or transfer of important information. For example, if you are on a call with a client regarding a real estate deal and you are talking about pricing or quotations, the hacker can easily gain access to the call and collect all information regarding the deal. The information can then be sold to a 3rd party for their personal gains.
Therefore, it is always important to use an internet connection that also provides all possible security features to stop all threats, be it browsing the net, using skype or zoom or even making international phone/video calls through the net.
MALWARE ATTACK
No doubt, the most common form of security breach that any individual or business are very much aware of. We have all come across this form of attack and there are many of us who have faced this issue.
To the extent, that when it happened, we literally had to call in an expert to remove or delete all data corrupted and affected by the attack and re-install the entire OS. The end result, all our data erased. Much more disturbing, there was no backup for the data that was affected.
This happens due to our Major Cyber Security Mistakes.
As an individual, it is a traumatizing moment but for an organization. Imagine the amount of data that the server carries – financial reports, domestic contracts, international contracts, client reports, employee list, worker list, confidential documents, etc – just one malware attack and all those data can vanish in a split second.
Not just heavy losses, this can also tarnish the reputation of the company. For not able to secure important data, the company can lose foothold in the market, can be sued for heavy damages and be blacklisted leading to no trading of shares or stocks at the international market.
The attack can be of any type. If the intention of the virus creator is to destroy all documents, the virus can be programmed to do so. This is usually done by a competitor who wants to tarnish the image of the company.
If the intention is to steal documents, the virus can be programmed to create copies of the original document which can later be downloaded. The virus can also be programmed to corrupt the existing files rendering them unusable to cause inconvenience to the individual or company.
Many a times, an attacker can create a virus that will block all applications on a system. None of the applications will start when clicking them and we will get a notification stating that the system has been affected by a virus. The only way to get rid of it is to make a payment. This is called Ransomware and the payment amount can be staggeringly high.
However, this can be avoided by having an anti-virus software installed.
The anti-virus software has the ability to detect any virus or trojan and erase it before it affects any file or application. It also has the ability to back up all files in a system so that if a particular file is corrupted, it can delete it and have the backed-up file reinstated for future use.
Anti-virus software also has the ability to quarantine files in case the system is affected by a virus attack, however, it also means that file will be unusable which means that an anti-virus software must mandatorily have an auto-clean feature to get rid of the virus in no time.
Periodically scanning the system and activating the self-update facility allows the software to keep the system in check from any virus and also, be ready for any new type of malware.
CONCLUSION
To avoid a data breach, it is important for all of us to understand how a data breach affects a person and an organization.
The identity of a person, the person’s social life and professional life can take a turn for the worse if his/her data is breached and leaked into the public.
The reputation of a company can take a turn for the worse if all sensitive information related to the company are sold to a competitor to a 3rd party.
Due to massive security breaches, organizations all over the world have made it a mandate to have periodical discussions and seminars raising awareness for all employees to understand their duties and responsibilities to not only avoid security breaches but also, in the event a breach occurs, to be aware of what to do next and how to make sure that the breach doesn’t cause more damage.
Governments of all countries have also made it a mandate to make every citizen understand not to circulate important documents or files through unknown channels for hackers to exploit that situation.
Important items like email passwords and passwords to certain important sites should not be shared with anyone even if it is near and dear one.
Offline too, important documents like passport and aadhar card needs to be kept secure. In the event a document like that gets misplaced or lost, it is the responsibility of the person to raise a concern and have that document located and returned, or have a new one created to avoid further damage.
Avoidance of security breach should be taken seriously by everyone because it is not about a person or an organization, it is also the question of a country’s reputation that can be tarnished if a hacker of an enemy country gains access to a country’s secrets.
Tampering with them can lead to severe problems that can affect the lives of the citizens of an entire country. Therefore, please be aware and update yourself periodically for any changes that can affect our lives – positively and negatively.