What you can learn from these real-world examples of data breaches and hacks.
While it might not make headlines, breaches and hacks unfortunately can (and do) happen to small businesses. Like with major enterprises, cyber incidents can damage a small business’s reputation and take a serious financial toll.
As your company joins the digital revolution, your newly adopted tech could get you into hot water with a hacker, so to speak: cloud-based services and apps used often by small businesses are vulnerable to cyberattacks.
Yet there are simple ways to reduce cyber threats for your company. Here are examples of real data breaches and hacks and what to learn from them.
1. Phishing attack on a health management system
Kentucky-based Imperium Health offers development services to Accountable Care Organizations. In a phishing attack, hackers sent an email to employees with a link to sites that harvested their logins, compromising both personal and protected health information of more than 140,000 Imperium customers.
The takeaway: No matter the size of your company, make sure your employees know how to detect phishing emails. You can remind your employees to forward any suspicious emails to IT for review rather than opening them. Inform them of the types of communication they can expect from the organization so they’ll know when an email seems illegitimate.
2. Ransomware attack on an entertainment law firm
This small law firm counts A-list celebrities among its clientele, including pro athletes and performers (like Lady Gaga—whose legal documents were leaked as part of the attack). The weapon of choice for the cybercriminals was REvil ransomware, using compromised credentials to gain access to the firm’s remote desktop.
The takeaway: Remote desktops (RDP) are increasingly common for remote and hybrid employees. Be sure to employ antivirus and antimalware programs to keep devices safe, and frequently update software for the most secure versions. Ransomware’s biggest advantage is going undetected for awhile, so sign up to receive security alerts from Dashlane so you’ll instantly know if employee credentials have been compromised.
3. The social media data breach exposing 600 million passwords
Facebook (now Meta) may not be a small business, but its users can tell us a lot about general password habits. Knowing how many of us reuse passwords, it’s inevitable that the platform’s 600 million compromised credentials have been reused by employees for work accounts, meaning your company’s data is vulnerable.
The takeaway: A password manager like Dashlane will tell you if employee passwords have been compromised or reused. Encourage employees to use a password manager to generate secure and unique passwords that they won’t even need to remember or store outside of Dashlane. If a major social media hub experiences a breach in the future, you’ll know that those compromised passwords aren’t floating around at your company.