North Carolina’s worst breaches in 2018 could’ve been easily avoided

More than 1,000 data breaches affected 5.3 million North Carolina residents in 2017, making it the state’s worst year on record. In response, the Attorney General and a State Representative have introduced legislation that would require breached businesses to notify affected consumers and government offices within 15 days. Experts believe it will be the toughest breach notification law in the country.

But with the right preparation and IT systems in place, you needn’t worry about becoming the victim of a cyberattack or burdensome data security regulations. Hundreds of North Carolina businesses have already been breached in 2018, and if three of the worst are any indication, staying safe isn’t nearly as difficult as you may think.

Tax software company - 576 NC residents

One of the largest online tax preparers in the country notified the NC Attorney General that documents containing social security numbers and driver’s licenses had been breached during four separate incidents. But after a forensic investigation, a corrected statement claimed the company had done nothing wrong.

Breached documents had been accessed by an unauthorized person logged into a legitimate account. That means the compromised password wasn’t acquired with malware, a social engineering scam, or anything within the company’s control. The employee had merely used the same password for another account that had been hacked. When the non-work account was compromised, a hacker tried the password on a few other platforms and received full access to finished tax documents.

Even with the best firewall, antivirus software, and spam filter, you’re still at risk of a costly data breach. The only way to guarantee crummy employee habits don’t land you in hot water is to install systems that require multiple types of authentication, such as combining passwords with fingerprint scans or mobile phone verifications.

Mortgage lender - 5,725 NC residents

During the winter of 2017, a nationwide lending institution was unknowingly sending emails to borrowers demanding special payments related to their accounts. This happened because scammers had tricked employees into giving up their email logins, which allowed the fraudsters to send messages that were almost impossible to recognize as illegitimate.

The lender was forced to reimburse an undisclosed number of victims, but its problems didn’t stop there.

The accounts that were used to send fraudulent emails had access to thousands of files with financial information and personally identifiable information, which meant the lender needed to conduct forensic investigations in every state with affected customers and issue breach notifications.

Email filtering systems are a hands-off solution to prevent phishing scams like this one, but monthly tips, reminders, and employee training go a long way to prevent data breaches related to human error.

Sandwich chain - 246,400 NC residents

Hacking credit card machines at national restaurant chains is becoming a bit of a trend in the world of cybersecurity. A recent case hit especially close to the Spectrumwise office when a sandwich shop with at least five locations in Charlotte uncovered malware skimming credit card information.

The malware that infected this business’s point of sale systems was advanced -- but not revolutionary. It took advantage of an outdated encryption standard that the Payment Card Industry security council stopped recommending a couple of years ago.

If this restaurant chain had invested in regular compliance audits, there’s a good chance the outdated technology would have been flagged and replaced before a quarter of a million North Carolinians had their credit card numbers stolen.

Seven-layer security

Businesses that operate in our state are on track to surpass last year’s record-setting number of breaches. But there’s no reason for that to happen. Organizations of all sizes can afford the solutions we’ve outlined above, and many more.

Multi-factor authentication, spam filters, employee training, and regular security audits make up layers four, five, and seven of our multi-layer approach to network protection, and you shouldn’t be caught without the other four:

  • Enhanced Information Security Policies - AI-based user account management, data loss prevention solutions, etc.
  • Physical Security - door locks, security cameras, uninterruptible power supplies and everything else that keeps data safe from non-IT threats.
  • Secure Networks and Systems - regularly updated firewalls, antivirus software, and intrusion prevention systems that keep you safe from recognizable attacks.
  • Untouchable Data Backups - keep your files safe in the cloud with uncrackable encryption and automated backups to secure, off-site locations.

Our all-in-one solution will make sure you’re the town hero while other businesses fall victim to data breaches. Give us a call today for a flat-rate managed cybersecurity quote.