05 Sep Data Breaches of Britain: The 6 Biggest – Are Small Businesses Safe?
Now and again data breaches can means a lot more than stolen financial records or customer data. Edward Snowden leaked hundreds of thousands of secret documents to the media. Some call him a hero, others insist he’s a traitor. Nidal Hasan, the Fort Hood mass killer, displayed worrying behaviour long before he went on the rampage, killing 13 people and injuring many more. Plenty of people noticed his mental state deteriorating, nobody acted.
We live in a hyper-connected world where just one angry insider might help terrorists steal nuclear material for bomb making, or install malware to compromise an entire nation’s utilities. When in office, President Obama created a National Insider Threat Policy to put a series safeguards in place, including special software designed to detect mass document downloading and systems to encourage people to report worrying employee behaviour. Many businesses across the world are doing the same kind of thing.
Is your small business safe? Or is it high time you took action to safeguard your IT systems? To illustrate how bad it can get in a worst-case scenario, here are 6 serious UK data breaches nobody expected, breaches that not only proved expensive but also temporarily damaged the reputation of the brands in question.
The Six Biggest Data Breaches of Britain
25 million child benefit claimant records lost by HMRC
When a couple of CDs containing the records of 25 million child benefit claimants went missing in the mail, everyone held their breath and waited for disaster to strike. Fortunately, as far as anyone knows, the password-protected discs didn’t fall into the wrong hands, but it highlighted the dangers of HMRC letting ill-trained junior employees handle data.
Three Mobile’s customer data disaster
Three is one of the nation’s biggest mobile operators, but they suffered a major data breach that put millions of people at risk thanks to hackers accessing their customer upgrade database using an employee’s login details. While no actual financial data was taken, customer names, phone numbers, addresses and dates of birth were stolen.
Talk Talk suffer a string of breaches
Mobile operator TalkTalk saw 157,000 personal records compromised in 2015, potentially the second or third time a breach had taken place there in less than a year.
The Moonpig app data breach
Apps are just as vulnerable as computer systems themselves. In 2015 online greetings card retailer Moonpig saw a researcher accessing the records of a number of account holders, compromising the company’s three million customers.
Tesco Bank customers lose cash
In late 2016 Tesco Bank saw around 20,000 customers having cash stolen in an attack that compromised 40,000 or so accounts. The bank had to halt all online transactions until the issue was sorted out, and the also had to refund their customers’ money.
Yahoo compromises millions of user accounts
2013 and 14 saw Yahoo suffering a number of data breaches , including one in 2014 that affected more than half a million user accounts. It followed on from another monster of a breach the year before, this time affecting a billion accounts and still the biggest ever data breach since records began. People’s names, email addresses, telephone numbers, security questions and answers were exposed, resulting in numerous lawsuits. And another 32 million user accounts have been compromised in the last two years, thanks to forged cookies.
Every business is vulnerable – The Facts
These are all big, well-publicised cases. But small businesses are far from safe. According to SmallBizTrends (https://smallbiztrends.com/2016/04/cyber-attacks-target-small-business.html) 43% of cyber attacks target small businesses, with dramatic increases noted every year since 2011. In fact Symantec’s 2016 Internet Security Threat Report reveals small businesses are a prime target for phishers, with attacks in 2015 up 9% on the year before. Symantec’s research reveals 1 in 40 small businesses are at risk of becoming a cyber-crime victim. Many of these phishing attacks target employees responsible for business finance. Ransomware attacks are also on the up, targeting both employees and devices connected to company networks.
The next big thing?
Symantec has also noticed attacks on the Internet of Things, including smartphones, smart watches, and even a smart TV. They all involve demands for payment, in effect blackmail, before the device is ‘freed’. And spear-phishing, where a spoof email looks like it has come from a trusted source, is also a growing threat, again targeting businesses of every size. Whatever the size of your business, cyber-crime is always a risk, and it’s always well worth taking steps to protect your data, your customer data, systems and networks. That’s what we do.
If you need assistance or would like to discuss requirements, please contact us.