Another massive data breach exposing the personal information of millions of people occurred, the largest of its kind this year, all due to one employee’s compromised credentials.
AssuranceAmerica, a car and rental insurance company that provides services for more than a dozen U.S. states, reported that on March 17th hackers were discovered in their systems. Not only were customer names, contact information, and driver license numbers taken but information on customer policies and accounts, details on customer claims and more were as well. It is the largest known breach of Americans’ driver license information this year according to TechCrunch with 6.99 million people affected.
It Takes Just One Human Mistake to Affect Millions of Clients
While the cause of the breach was not specified, AssuranceAmerica did state that the hackers “targeted one of the Company’s employees” and that their compromised credentials were subsequently disabled. This indicated it had likely been a case of phishing or information-stealing malware. All it took was one employee being compromised for millions to have their sensitive personal information exposed.
This case is part of a growing trend of data breaches of sensitive records such as drivers licenses, which becomes more concerning as the use of digital identity verification is more widely adopted by online services. This only further proves how critical it is to have stronger identity protection controls and employee security awareness. Ensuring client and employee’s sensitive data is one of, if not the most important thing a company should account for in their cybersecurity.
If not properly accounted for, the risk of a massive data breach increases signifcantly and puts your business in a position that loses both current and possible future client trust.
Preventing and Mitigating Human Mistakes in Cybersecurity
There are several important ways businesses can account for human error with their cybersecurity to prevent data breaches:
- Comprehensive Employee Training – This is a nonnegotiable step towards better cybersecurity. It is one of the best ways to mitigate human error. It should not only be a part of new employee onboarding, but continual throughout so that employees are constantly aware and prepared for new possible threats. How to use sensitive systems, read and respond to emails, and spotting attempts to get information through social engineering are some of the important things for employees to be aware of that can be taught through this training.
- Threat Detection Software – Having real-time insight into user logins, such as location and network accessed from, and file assessment are just some of the few services a threat detection software can provide. These can detect if a user has been compromised and contain it before any harm is done.
- Password Policies – All employees should be under a strong password policy. Having multifactor authentication and rotating password policies will also greatly decrease risk so that any login attempts from outside threats can be prevented easily.
- Data Security Audits – Having regular security audits to examine the security infrastructure, policies, and practices is essential for catching any outdated practices or holes in the cybersecurity before they can be exploited. They not only check the security software themselves but the practices implemented within, ensuring things are as secure as possible and catch any possible opportunity for human error.
All it takes is for one employee to be compromised for a massive data leak to occur as the AssuranceAmerica case demonstrates. Ensuring your business is prepared for inevitable human mistakes will protect not only your clients but the future of your business. While implementing such practices does require investment, the consequences of not having strong cybersecurity in place will not only cost your business financially, but become a stain on your business’ reputation with potential clients.
Ready to strengthen your defenses? Visit www.tmpcinc.com or reach out directly for services that can protect your business from possible data breaches.