The recent Experian data breach saw close to 800 000 businesses along with over 24 million South Africans’ information left on the internet exposed to cybercriminals. After Experian’s earlier announcement that the stolen data had been retrieved and accounted for, the data has surprisingly resurfaced again on the internet, now being shared via a Swedish Company, WeSendit. Questions South African businesses are asking, is what harm can come out of this data breach? And how can businesses protect themselves to avoid getting hacked?
“It is unfortunate that once your data is out there, there’s no way of retrieving it. There is a great likelihood of some of the affected businesses having their consumers’ personal information being used by cybercriminals to take part in illegal activities”, says Maeson Maherry from LAWtrust. He advises companies to take the following steps to protect themselves.
1. Have a plan in place
The first thing that businesses should do is to consider the importance of having a breach recovery plan. Responding to a breach needs to be both efficient and fast. Having a strong breach recovery plan will always help minimise the damages a data breach can bring for any business.
2. Train and educate employees on cybersecurity
Businesses should invest in the latest cybersecurity training for their employees. Routine employee training and education is especially crucial to ensure that staff are kept informed on current security and privacy measures to prevent further data breaches.
3. Keep track of your data
Maherry states that in light of the various cyber security experts’ efforts to prevent a similar incident from occurring, South African businesses must monitor and track the transfer of data through their systems. This will prevent the data from being misused or exploited.
4. Limit access
He further recommends limiting access of certain individuals among their employees; specifically those not connected to departments, and make sure that sensitive data is handled only by relevant personnel.
5. Evaluate your software and devices
Often, software that is not up-to-date, and unattended vulnerabilities within business systems, make it possible for data breaches to take place. These should always be handled in a timely manner. Furthermore, businesses should never allow or use devices that are not encrypted, as they are more prone and vulnerable to cyber-attacks.
“Businesses should be pre-emptive, and not wait to act only once they have been victims of a data breach to put efficient cyber-security measures in place to avoid being hacked in the first place,“ is Maherry’s final advice.
Maeson Maherry is Chief Executive Officer at LAWtrust.