Why We Should NOT Normalize Data Breaches
In March last year, news broke out that a massive data leak hit Facebook (Meta) in 2019, affecting over 530 million users from 106 countries. The stolen data included phone numbers, Facebook IDs, full names, birthdates, location information, biographical information, and even some email addresses.
All of that isn't news. What we're concerned about is that a year later, so many people have slowly come to accept it as a normal occurrence. In fact, a leaked email revealed that Facebook wanted people to view it as such. The email stated that the social media giant is aiming to "normalize the fact that this activity happens regularly." It's like your data getting stolen is par for today's digital landscape. It's not, and it definitely shouldn't be.
Your data is not only valuable; it can be used against you.
At ITS, we're staunch advocates for data protection. We believe the only way we can protect our valuable data is when everyone works together to protect theirs as well. In this article, we'll help you understand why you shouldn't normalize data breaches and how doing so can impact your business. To do that, we'll dive into the following:
- Why You Shouldn't Normalize Data Breaches
- How Your Personal Data can Be Used Against Your Business
- Impact of a Data Breach on Small Businesses
Why You Shouldn't Normalize Data Breaches
Data breaches are so common now that you no longer feel surprised when a large breach hits the headlines. That's a major problem, but if we stop reporting on it altogether, that makes it even worse. It's almost the same as admitting defeat and saying that you're okay living with this threat looming above your business. Neither answer should be acceptable, and businesses should not be able to say that it's okay or that it's not a big deal.
It isn't something that you should see as negotiable, especially when statistics show how small businesses are unlikely to survive a data breach. While they are becoming more widespread, that doesn't mean we have to accept that as the new normal.
How Your Personal Data can Be Used Against Your Business
Data leaks can help improve a cybercriminal's success rate in penetrating your defenses. It creates opportunities for them to craft more convincing schemes that can lure unsuspecting members of your team into letting them in uncontended. Take a look below to see just how easily your data can be used against you:
Passwords
Imagine attending a business conference, and while networking, you meet a new contact who, for some reason, introduces himself using his email address and password. Seems absurd, right? It happens more times than you would like to believe.
According to a study by Google, 59% of people they polled used their name or birthdate in their password. If they chose anything else, a majority of them still used easily discoverable personal information such as the names of pets, spouses, and children. Even worse was that the same study found that 52% of people reused the same passwords across multiple accounts.
Let's put all of that into perspective. If a member of your team is one of the 530 million victims of the Facebook leak, a cybercriminal might already have been able to crack their password using the stolen info. It's also likely that the team member is using the same password for other accounts, including their business email. That poses a serious risk to your network security.
Social Engineering
Social engineering attacks use psychological manipulation to trick users into making security mistakes or giving away sensitive information. To achieve that, many hackers like to impersonate legitimate institutions or even colleagues to lower your guard. Data leaks like the one that Facebook hopes to "normalize" can arm them with the information to make more convincing schemes that target you or members of your team.
Phishing
Put yourself in this scenario: It's your birthday, and you receive an email from amazon. Since today's your special day, it says that you are eligible to receive a $100 coupon. All you need to do is click on a link to get it.
If you chose to hit that link, you might've just installed malware on your system. But who can blame you? These schemes are designed to look and feel convincing. And all they need to lower your guard is add that personal touch like your name, email address, mobile number, and birthday. All that information is included in the data scraped from the Facebook data leak.
Impact of a Data Breach on Small Businesses
While you might think data breaches aren't that big of a deal, the reality is very different. Trying to get better insights on just how much impact a breach can inflict on small businesses, the Identity Theft Resource Center (ITRC) polled 417 small business owners.
The study found that 44% of respondents spent $250,000-$500,000 to cover the costs of the breach. On the other hand, 16% said they were forced to fork out between $500,000 to $1 million. According to those business owners, the costs forced them into debt; some had to dip into their reserves, while others had to reduce headcount as a result.
You might be tempted to think that those numbers are inflated. How could one data breach cost so much? Remember, a data breach isn't just about that single moment. It will have repercussions that your team will have to deal with for months or even years. In the same ITRC study, 42% of respondents claimed it took 1-2 years to get back to normal after suffering a breach. For another 28%, the road to recovery took even longer, between 3 to 5 years.
Aside from the initial cost of controlling a breach, you also have to consider lost revenue caused by the damage to your reputation or possible litigation. When news breaks out of the incident, it could also impact your marketing efforts as it could poison search results. That means when people search for your business online; the words data breach will often be in tow as media outlets keep sharing your story. It can turn off potential customers and clients.
The bottom line is that a data breach will cost you in more ways than one. And it's going to be expensive. It could even put the future of your business in jeopardy.
Take Data Breaches Seriously
Data breaches may be common, but you should never accept them as normal occurrences. There is too much at stake. Your business continuity could depend on how seriously you take data protection.
At ITS, we've helped our clients manage their technology and protect their data for almost 20 years. If you want to learn more, check out our article on the seven bad habits that cause data breaches.