What is a data breach?
Countless companies and organizations collect information about you (and your employees). This could be your email address, a password that secures an account with that company, payment/credit card information, financial/credit information, medical history, and much more. Most companies follow strict industry practices to secure and protect this data. The problem is -- mistakes and bad guys happen.
Your information can be breached in a variety of ways, ranging from small mistakes to sophisticated and coordinated attacks.
Small Mistake - security was not set up correctly at the company, and what should have been a private database is now exposed for anyone to see, download, and exploit.
Sophisticated Attacks - a team of hackers spends months probing for vulnerabilities, attacking weak security measures, and ultimately gains access to the company's private data.
Why You Should Care
You might be asking yourself, "Why do I care if LinkedIn, Facebook or some other website has a data breach? I don't have much on there." Unfortunately, there are many reasons that you need to sit up and pay attention.
Your Data - Stolen, Distributed, & Sold
First, you must realize what happens after data is breached -- every shifty-eyed hacker and fraudster across the planet gets dollar signs in their eyes. The type of data that gets exposed varies, but you can count on "high-value" information such as passwords, security questions, financial information, payment information, and social security numbers to be a desirable target for those looking to profit from data breaches. The data itself is typically either posted online (Deep / Dark Web) for others to start using, or sold to others as a whole or in pieces.
Have you ever used the same password on more than one website, computer or service? We've all done it, and it's dangerous. Consider if you used the same password on an entertainment site, and also on your PayPal or bank's website. If the entertainment website is breached, your password is released into the wild, and now your high-value financial account(s) are in danger. Attackers will use readily available automation tools to crack the protection (hashing or encryption) on the breached password, and "stuff" that password into every high-value target website like PayPal, Venmo, Amazon, and popular banks. Worse, if the data breach included your email address, the attackers could stuff that password into your mailbox login to take that over as well -- and just think of all the other logins an attacker could figure out, password reset, and take over if they gained access to your mailbox. Learn more about Credential Stuffing at Wikipedia.
You've probably heard of Phishing, which is an attempt to gain sensitive data by the attacker impersonating a trustworthy entity -- maybe your bank. Typically, these are a little bit easier to identify (we've all seen the supposed email from "your bank" which comes from a weird email address, and is asking you to email them your credit card information). Spear Phishing is similar, but involves the attacker researching you as a specific target and then phishing you with insider information to convince you to hand over money or valuable information. This is additionally dangerous now with so many people working virtually, and it happens 1,000s of times per day around the world. Would you have any idea if an attacker had been reading all the emails between you and your accountant/CFO for the last 3 months, learning the way you talk to each other, and then slipped in a fake Accounts Payable request for $10,000? Learn more about Spear Phishing at Wikipedia.
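The chain described above (one breached site, a reused password, then mailbox takeover and password resets) can be traced with a short script. This is an added example, not code from Wisconsin Buys Local. The account names, addresses and passwords are constructed, and the model assumes password resets go only by email and that no account uses multi-factor authentication.

```python
import hashlib
import hmac
import os

# Constructed inventory of one person's accounts (all values are made up).
ACCOUNTS = [
    {"service": "entertainment-site", "email": "bob@example.com", "password": "Summer2019!", "is_mailbox": False},
    {"service": "paypal", "email": "bob@example.com", "password": "Summer2019!", "is_mailbox": False},
    {"service": "webmail", "email": "bob@example.com", "password": "Summer2019!", "is_mailbox": True},
    {"service": "bank", "email": "bob@example.com", "password": "t7#Vq-unique-bank", "is_mailbox": False},
    {"service": "accounting-app", "email": "bob@example.com", "password": "9Lm!unique-books", "is_mailbox": False},
    {"service": "forum", "email": "bob.home@example.net", "password": "zP4$unique-forum", "is_mailbox": False},
]


def blast_radius(accounts, breached_service):
    """Return {service: reason} for every account reachable after one breach."""
    # Work on keyed fingerprints so plaintext passwords are not printed or logged.
    key = os.urandom(32)
    fp = {a["service"]: hmac.new(key, a["password"].encode(), hashlib.sha256).digest()
          for a in accounts}
    if breached_service not in fp:
        raise ValueError(f"unknown service: {breached_service}")
    leaked = fp[breached_service]  # the only password the attacker actually learns
    exposed = {breached_service: "breached directly"}
    changed = True
    while changed:  # repeat until no new account becomes reachable
        changed = False
        # A mailbox that is already taken over receives password-reset emails.
        owned = {a["email"] for a in accounts
                 if a["is_mailbox"] and a["service"] in exposed}
        for a in accounts:
            name = a["service"]
            if name in exposed:
                continue
            if hmac.compare_digest(fp[name], leaked):
                exposed[name] = "reuses the breached password"
            elif a["email"] in owned:
                exposed[name] = "password reset through " + a["email"]
            else:
                continue
            changed = True
    return exposed


if __name__ == "__main__":
    for service, reason in blast_radius(ACCOUNTS, "entertainment-site").items():
        print(f"{service:20} {reason}")
```

Giving the mailbox its own unique password in this inventory shrinks the result from five exposed accounts to two, because the reset path disappears.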
Your Staff / Employees & Company-provided Email
You and your employees have access to your business' digital assets -- whether it's your website, your accounting application, your vendors, or the data you hold about your customers. Do you have any idea what websites and services your employees have signed up for using their company-provided email address? Any idea if any of those services have had or are going to have a data breach in the future? You could lose a lot if you're in the dark. For example, if Bob in accounting signs up for alerts from the BBB and the BBB has a data breach, Bob's company-provided email, password, and potentially other data are now exposed to the bad guys -- and you'd have no idea until something terrible happens.
What You Can Do - Breach Monitoring
Wisconsin Buys Local is proud and excited to now offer Data Breach Monitoring for only $1 per month, per email address. Our service is connected to the major players in the breach monitoring community, and we make it easy to start monitoring your and your employees' email addresses. We're already monitoring over 500 different breaches and over 10 BILLION breached accounts, and it continues to grow every day.
Setup is quick, easy, and secure -- simply log into your Wisconsin Buys Local business member account, select Premium Services, then Breach Monitoring Service, and enter the email addresses to be monitored.
What Else You Can Do
Check out these Wisconsin Buys Local blog articles for additional information about protecting your business from data breaches.