Earlier this month, a significant data breach struck DC Health Link, a marketplace company that offers insurance plans to residents of Washington, D.C., including members of Congress and their staffers. More than 55,000 customers — including nearly 20 current and former members of Congress — had their Social Security numbers, birthdates, plan enrollment details, addresses, phone numbers, and demographic information exposed.
Days later, the FBI announced that it had purchased some of the personally identifiable information disclosed after the breach from a dark web hacking forum. That confirmed the worst fears of security experts, who always worry after such an incident occurs whether stolen information will actually end up in the hands of cybercriminals.
Perhaps because of the government officials affected, the FBI acted fast to mitigate the negative impact of the breach. On Friday, March 24 — just two weeks after the hack was revealed — the Justice Department announced that the individual responsible for administering Breach Forums, the online marketplace for stolen data, had made his first appearance in court. Meanwhile, the FBI and the Department of Health and Human Services worked together to disrupt the forum, permanently knocking its website and database offline.
The accused criminal, a 20-year-old New York man, allegedly built and managed a “Leaks Market” section of his website for buying and selling stolen data. Although he wasn’t a hacker himself, he served as a go-between for people looking to commit cybercrime and those eager to exploit it. He has been charged with conspiracy to commit access device fraud and could face up to five years in prison if convicted.
“People expect that their online data will be protected, and the Department of Justice is committed to doing just that,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division in a press release announcing the action. “We must and will remain vigilant to the threat posed by those who attempt to undermine our digital security. We will continue to disrupt the forums that facilitate the theft and distribution of personal information and prosecute those responsible.”
Of course, not every company is lucky enough to have government agencies on the case to prevent data breaches, monitor the dark web for pilfered information, and prosecute hackers who possess it. So what’s the best move for an average business located anywhere in North America to stay safe?
CMIT Solutions has collected the following six tips that outline smart cybersecurity strategies and achievable goals for data security:
- Protect every device in your network. Many businesses think that securing office computers is adequate. But every device — laptops, smartphones, tablets, printers, servers, and even Wi-Fi routers — needs to be managed if true cybersecurity is the goal. This might sound difficult or unmanageable at first, but it actually reduces the complexity of IT challenges for your business and your employees. Instead of protecting each device in a piecemeal fashion — or, worse, only prioritizing certain machines or certain employees — an all-in-one package protects against a multitude of threats: malware and ransomware, hacks and breaches, email-borne viruses, and operating system vulnerabilities.
- Implement multi-layered cybersecurity protection. Included within that all-in-one package are multiple layers providing an “umbrella” approach to cybersecurity. This includes firewalls, software updates, security patches, advanced antivirus, anti-spam, and anti-malware software, end-to-end data encryption, content filtering, network analysis, and other advanced tools. The goal of such an approach is to place more obstacles in the way of any potential hacker who might try to exploit a specific vulnerability to steal information.
- Make sure IT support is comprehensive and around the clock. Depending on where your business is located and what its primary industry is, 24/7 monitoring and maintenance might be necessary. This is especially true if you have employees working in multiple time zones, sensitive communications that need to be encrypted, or e-commerce running around the clock. The best IT provider has multiple offices staffed by rotating shifts of technicians, all working to keep companies safe no matter when or where their operations occur.
- Cover all the compliance bases. HIPAA, GDPR, and PCI are more than just annoying acronyms. With state, federal, and industry regulations in place across the U.S. and Canada, businesses in sensitive industries like health care, finance, and legal services must act with caution — especially since non-compliance can lead to serious civil or even criminal penalties. Robust cybersecurity protection should come with compliance checks at every level to keep your business in line with government and industry rules.
- Back up data regularly, remotely, and redundantly. One of the most foolproof ways to bounce back from a cyberattack is to have reliable data backups that can be accessed in case of information loss. Without these trusted backups in place, many companies affected by ransomware in particular will pay thousands of dollars to try and retrieve their data from cybercriminals. Instead of taking that risk, storing data in multiple locations means that lost information can be quickly recovered from its latest backup point and reinstalled before negative consequences even occur.
- Provide regular employee training. What’s more important than properly functioning technology? The expertise of the people using those devices to do their day-to-day work. Truly responsive support should include ongoing education that empowers your employees to identify spam emails, understand the way ransomware works, encrypt communications on all channels, and back up data regularly. This can help to mitigate the most common security risk of all: unintended human error.
CMIT Solutions is committed to helping businesses of all sizes to prepare for and protect against data breaches, information hacks, ransomware infections, and other cyberthreats. We work with everyone from municipal governments to mom-and-pop shops to multinational corporations to defend their data, secure their networks, and empower employees to work productively and efficiently.
If you’re worried about the ongoing threat of information loss or need help protecting your systems, contact CMIT Solutions today. We worry about IT so you don’t have to.