There’s not a week that goes by when we don’t hear about another security breach on a large corporation or enterprise.

Millions of personal details have been stolen and guess what?  Your name may be on the list.

What can we learn about these security breaches for our own business?

Well in this post, I’m going to go into details on the biggest security breaches of 2018, how they happened and how to protect your business against the same form of attack.

As a bonus, I’m going to offer you a free scan to check if your details have been stolen.

You’ve probably never heard of this firm.  I know I hadn’t.  They are a marketing company that does data aggregation.  Three hundred forty million records breached. 

This happened back in June of 2018.

A security expert spotted an open database on one of their public servers.  Whilst the data was not hacked, it was just sitting there waiting to be found.

How do you protect your business from this type of scenario?  Make sure you know where your data is stored and who has access. 

Most importantly, implement a policy on any new IT infrastructure or cloud services that are being installed in the business and have some form of auditing on where data is located.

I’m sure you’ve stayed at one of the Marriott group of hotels in the past. 

These include:

• Regis
• The Luxury Collection
• W Hotels
• Sheraton
• Westin
• Le Meridien
• Tribute Portfolio
• Design Hotels
• Four Points
• Aloft
• Element

Five hundred million customer records were breached between 2014 and September 2018. 

These were ongoing independent hacks over a prolonged period.  Yet, it’s surprising it was not spotted sooner. 

So what can we learn from these types of attacks?

Make sure your IT security can scale with the size of your business and the systems you have.  Marriott had both web portals, point of sale machines, and internal databases hacked.

In other words,  it poses a security risk anytime you add a new system into your technology stack.  Thus, make sure you include all systems in an IT security audit.

Again, this may not be an organisation you have heard of, but it’s a government agency based in India.

1.1 billion Indian residents’ details were breached including their social security number (ID number). 

This happened back in March 2018.

It turns out their database system was running what’s known as an API – this is just a way for two different systems to speak to each other. 

Anyway, the API was not secure and data was being leaked to outside sources.

What can we learn here?  Well, there is a lot of these API in use.  If you are using any services that hook into products like Office365 or G-Suite, then an API is maybe in use.

Therefore, make sure any services that you might sign up with that use an API that speaks to one of your other business systems is secure and legitimate.  Certainly, the best way to check is by asking us.

As promised, we have a bonus.  The above companies mentioned are only the top 3 of 2018 – there are many more.

If you would like to check and see if your personal or business account has been hacked, get your free scan here.

We will run a scan to check your company or personal email address against a database of information that is actively being sold for profit on the dark web and send you back the results.

If you have had an account breached or would like to secure your IT systems, then please get in touch with us today. 

Please email info@connectservice.com.au or call 1300 766 455.