Some Crazy Cyber Security Mistakes Big Companies Made and What You Can Learn From Them

Some Crazy Cyber Security Mistakes Big Companies Made and What You Can Learn From Them

Most people think that big companies do things smarter than the rest of us. You can’t become a billion-dollar company without having a few tricks up your sleeve, can you? But even the biggest corporations have got hacked which cost them huge sums of money. Sometimes, the hackers are particularly smart and manage to get into company networks through sophisticated techniques, but more often than not companies leave the back door wide open from them. Here are just a few of the cybersecurity mistakes big companies made and what you can learn from them. We’ll also answer such cybersecurity questions like “how do I protect myself online” and “what is a VPN?”

1) TJ Maxx Wi-Fi Attack

In 2006, hackers managed to steal 94 million customer records including credit card details and personal information across 2,500 TJ Maxx and Marshall Stores. What was the culprit? Weak WiFi security. The attackers managed to learn the employees’ login credentials and later broke into the central payment-processing database of the store. However, it wasn’t only the weak WEP security that caused this. The hackers spent more than six months inside the networks before being noticed.

What you can do: Use strong passwords, change them frequently, and keep track of suspicious IP activity on your network. Also, use a VPN (here you can find a comprehensive explanation of what it is) which encrypts and anonymizes your connection making it much more difficult to gain access to your network.

2) Compass Bank

In 2007, a former employee of the mid-sized bank stole a hard drive that contained the records of more than 1 million customers. In two months, the attacker and an accomplice withdrew over $32,000 in cash from different people’s accounts. At the time, the state of Alabama (where the bank is based) did not require companies to disclose a data breach if one had happened, so many customers were completely unaware of what was going on.

What you can do: As an employer, be sure to screen all the personnel thoroughly, especially those employees who have access to sensitive information. Further, regardless of legality in your state, notify all customers if you have experienced a data breach so that they can take precautionary measures such as changing passwords and keeping an eye on their account activity.

3) Heartland Payment System

The Heartland Payment System attack is the largest theft of credit and debit card information in history with over 130 million records stolen. This attack was more sophisticated, but network administrators definitely could have taken more enhanced security measures. The hackers used a sniffer that was able to find packets of key information. From there, they also used a keylogger, which monitors keystrokes and thus login credentials. This often occurs when hackers gain access to a person’s email account and then sends the malware to one of their contacts who unexpectedly downloads the file.

What you can do: Make sure your Firewall is up to date and ready with the latest security patches. It’s also essential to have additional anti-virus software. Likewise, be sure to scan all files before you download them to make sure they are not malware. Finally, once again, use a VPN to ensure you have a secure connection, which will make it more difficult for hackers to target you.

4) IRS Attacks

Although it’ hard for many of us to feel sorry about the IRS (Internal Revenue Service), this attack resulted in the theft of more than 100,000 personal records. Not only this, but the attackers were also able to use the information to defraud the IRS of millions of dollars in false returns.

The attackers were able to do this through not just getting into the IRS network, but also taking advantage of a feature that allowed users to search for people and the history. People used this to look up their old records to simplify the process of filing their current taxes. However, the IRS inadvertently made very private information about people public.

What you can do: This is a serious lesson for companies to learn about how to manage user data. If your website contains user logins along with personal details like addresses, birthdays, and credit card information, it’s crucial that you handle this very carefully. Two-factor authentication is an effective way for both users and platforms to have stricter security. But companies also need to take additional measures to ensure that these records are kept safe from attack through encryption and other techniques.

Avoiding Costly Cybersecurity Mistakes

No company can afford the damages of an attack. It’s not just money, but also trust you lose when user data is stolen. TJ Maxx wasn’t exactly thriving in 2006, but having to pay millions in damages didn’t help at all and almost led them to declare bankruptcy. For smaller companies, this could be a deathblow.

Security begins with you. The vast majority of attacks occur over the internet. When an attack happens, you shouldn’t be scratching your head wondering, “What is a VPN?” Because they are the number one tool to prevent hackers from following your internet usage and encrypt all your data. From here, you can take additional steps such as personnel cybersecurity training. No approach is 100% safe, but by following these steps, you can prevent attacks from happening and minimize the damage just in case they do.