What is a data breach?
Authored by a Symantec employee
A data breach is a security incident in which information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways. They are a costly expense that can damage lives and reputations and take time to repair.
It may seem like stories of massive data breaches pop up in the news frequently these days. But it shouldn’t be all that surprising.
As technology progresses, more and more of our information has been moving to the digital world. As a result, cyberattacks have become increasingly common and costly.
Globally, the average total cost to a company of a data breach is $3.86 million, according to a study by the Ponemon Institute. This means that at $148 on average per stolen record, online crime is a real threat to anyone on the internet.
According to Symantec, personally identifiable information — such as full names, credit card numbers, and Social Security numbers — was the most common form of data lost to data breaches in 2016, with personal financial information close behind.
Corporations and businesses are extremely attractive targets to cybercriminals, simply due to the large amount of data that can be nabbed in one fell swoop.
Why do data breaches occur?
Cybercrime is a profitable industry for attackers and continues to grow. Hackers seek personally identifiable information to steal money, compromise identities, or sell over the dark web. Data breaches can occur for a number of reasons, including accidentally, but targeted attacks are typically carried out in these four ways:
- Exploiting system vulnerabilities. Out-of-date software can create a hole that allows an attacker to sneak malware onto a computer and steal data.
- Weak passwords. Weak and insecure user passwords are easier for hackers to guess, especially if a password contains whole words or phrases. That’s why experts advise against simple passwords, and in favor of unique, complex passwords.
- Drive-by downloads. You could unintentionally download a virus or malware by simply visiting a compromised web page. A drive-by download will typically take advantage of a browser, application, or operating system that is out of date or has a security flaw.
- Targeted malware attacks. Attackers use spam and phishing email tactics to try to trick the user into revealing user credentials, downloading malware attachments, or directing users to vulnerable websites. Email is a common way for malware to end up on your computer. Avoid opening any links or attachments in an email from an unfamiliar source. Doing so can infect your computer with malware. And keep in mind that an email can be made to look like it comes from a trusted source, even when it’s not.
How can I help protect my personal information in the event of a data breach?
To help protect your identity, it’s important to take steps to help protect yourself and your personal information. These steps can include:
- Use strong, secure passwords. Use a complex and unique password for each of your online accounts. Keeping track of all those passwords can be difficult, but there are products, such as Norton Password Manager, that can help make this task easier to manage.
- Monitor your bank and other financial accounts. Check your accounts on a regular basis for unfamiliar activity. And if the companies offer activity alerts via text or email, it may make sense for you to sign up for them.
- Check your credit report. Do so regularly to see if a thief has attempted to open a new credit card or another account in your name. You’re entitled by law to a free credit report from each of the three major credit reporting agencies every 12 months. Visit annualcreditreport.com for more information.
- Take action as soon as possible. If you see suspicious activity, contact the financial institution involved immediately. If your information was stolen in a data breach, let them know that, as well.
- Secure your phone. If your phone doesn’t have a password, give it one. Although entering a password every time you use your phone is tedious, it provides a line of defense if your device is lost or stolen. Think about all the information a criminal could access with your unprotected phone.
- Use only secure URLs. Reputable sites begin with https://. The “s” is key. This is especially important when entering credit card or other personal information.
- Implement high-quality security software. Install and use a software suite that includes malware and virus protection — and always keep it updated. Norton 360 with LifeLock is one such solution.
- Back up your files and ensure their safety. Norton 360 with LifeLock Select offers 100 GB of backup for your PC in addition to its other security features.
- Wipe your hard drive. If you are recycling your old computer, make sure that you clear your hard drive prior to disposal. The same goes for your smartphones and tablets.
- Avoid oversharing on social media. Never post anything pertaining to sensitive information, and adjust your settings to make your profiles private. While you’re at it, hold off sharing vacation pics on social media while you’re still on vacation. That tells everyone your house may be sitting empty, a perfect target for burglary.
- Use an identity theft protection or credit monitoring service. The mess caused by a stolen identity could take months or even years to fix. Given the recent number of data breaches, it’s important to consider identity theft protection or a credit monitoring service. Norton Security now includes LifeLock identity theft protection, helping to protect your personal information in an age of data breaches.
What are companies doing about data breaches?
Many companies are tightening security measures and reassessing their procedures to better protect the consumer data they use and store.
Laws and regulations are in place that require companies to take specific steps in the event of a data breach or other security incident. Most states require companies to send data breach notifications to consumers when their personally identifiable information may have been compromised.
Still, you should never rely solely on others to keep your information secure. It’s always important to take preventative measures and keep an eye on your information.
Data breaches are likely here to stay, and the best defense against them is a good offense. Educate yourself and be diligent about monitoring your online life. There may be laws, policies, and procedures in place to help protect your information, but it still makes sense to stay engaged and alert even as you enjoy the convenience that a connected life delivers.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2019 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.