Data Breaches: Why You Should Never Share Your Passwords

Data Breaches: Why You Should Never Share Your Passwords

A data breach is a cyber attack in which sensitive, confidential or protected data is exposed to an unauthorized person or a group of people without the consent of the data owner. The data can then be copied, transmitted, viewed, stolen and used by cybercriminals for fraudulent activities. Data breaches can affect individuals, small businesses and large corporations. The data involved may be personal health information, personal identification information, organization secrets, credit card numbers, social security numbers, customer lists and source code. In a data breach, data exposed can be used for identity theft, financial crimes and obtaining loans. This can result in losses for both individuals and businesses, as well as government penalties when industry and government policies are violated.

Data breaches are sometimes accidental. They occur when an individual or organization mistakenly sends data to the wrong recipient. In most cases, data breaches occur due to security weaknesses in technology and mistakes due to human error. A data breach can take many forms: access by an unauthorized third party, deliberate or accidental action by a controller or processor, computing devices with personal data being stolen, alteration of personal data without permission and loss of availability of personal data. Regardless of the form in which a data breach occurs, it is best to identify the breach early and take action to prevent further losses.

Data breaches happen for two main reasons: there is a breach in security of a technology or there is a human error. Either way, a data breach may be precipitated by different processes which are listed below.

Phishing: Phishing, a form of cyber attack in which social engineering is used to lure individuals into giving out sensitive data. Phishers gain access to personal data and company email for malicious purposes.

Password Guessing: Password guessing involves trying different techniques to find out passwords of individuals and organizations. Attackers guess passwords, gain access to sensitive data and can manipulate the data.

Malware: Cybercriminals can use weak points in your servers, networks, devices, operating system, software and hardware to install malicious applications that extract sensitive data for fraudulent activities.

Insider Misuse: Employees who have authorized access and the ability to modify, destroy and disclose sensitive company data may intentionally or unintentionally expose data to breaches. This may be done by carelessness or with the intent of profiting off data breaches, e.g sale of company data to competitors. 

Theft of Physical Devices: When devices like mobile phones, tablets, laptops, desktops, flash drives, SD cards, SIM cards, etc are stolen, there is most likely access to sensitive personal and organization data by the criminals. 

Distributed Denial of Service(DDoS): Distributed Denial of Service attacks happen when cybercriminals flood an organization's network with requests, sending out malicious code and disrupting the network until it crashes.

Unpatched Security Deficiencies: Hackers take advantage of organization Common Vulnerabilities and Exposures(CVEs) to access company sensitive information.

Human Error: According to Verizon's 2022 Data Breaches Investigation Report, human error contributes to 82% of data breaches. This involves misconfiguring databases, sending information to the wrong recipient and making security mistakes. 

Data breaches have negative effects that spiral out from the individual to the organization and sometimes, even the government is affected. The main consequence of a data breach is that sensitive data is exposed: the exposed data can be modified, deleted and even shared with the wrong recipient. Imagine having an idea of some code for a billion dollar blockchain project on your device and it leaks to your startup's competitors. Terrible, right? Individuals and organizations can lose sensitive data just from a single data breach. The dangers of a data breach may depend on the type of data that is involved in the breach. Healthcare information, financial data, intellectual property, information on competitors, legal data and security information may be exposed and they all have different regulations, depending on the country you are located in. 

These data breaches can get you in trouble with government regulations and cost your organization a lot in terms of fees and fines. An organization could lose the right to conduct business in a given region. You could also lose customer trust if customer data leaks and face legal battles. If investor and supplier names are involved in the breach, such data may be released by cybercriminals to competitors for a fee. Financial data and personal information can be used for identity theft, loan applications and cracking into your cryptocurrency wallets. You could lose your money and numerous valuable cryptocurrency tokens just from one data breach. On an individual, personal data breaches result in humiliation and discrimination. On some occasions, sensitive data such as personal conversations, private videos and images could be leaked. This could further result in loss of job for an employee and permanent damage to a person's reputation.

Preventing data breaches is key to ensuring that confidential data is safe and secure from cybercriminals who want to access your data for malicious purposes. The first way to prevent data breaches is to stay aware: as an individual, be wary of security breaches on your devices and avoid using the same passwords. If you have an organization, educate your employees on data security and teach them how to spot phishing scams and install antivirus software. If any devices are stolen, make sure to reset configurations and passwords. In addition, you can work with an IT managed provider to ensure that your data is monitored round the clock remotely. You should also back up important data and delete any sensitive data with software designed for complete deletion. You can also employ the use of encryption for messages and install anti theft software on your portable devices.

Although no data is 100% foolproof, preventing data breaches help reduce the risk of data leaks. Create an inventory of all the sensitive data that is accessible to you, for easy tracking of data breaches. Limit third party access, especially privileged access to data for your employees. Ensure that the patching of networks and systems is thoroughly handled by your IT team: give no room for any security lapses. In addition, you should use firewalls, intrusion prevention and other security software to ensure that there is no intrusion on internal organization data. You can also employ the use of endpoint security controls such as malware detection to prevent the entry of malware into your network or systems. Finally, you should ensure that your passwords are long and as complex as possible: you should also remember not to share your passwords.

There are several reasons why you should never share your passwords: one reason is to prevent data breaches. Sharing passwords with your family, friends and work colleagues exposes your personal data and makes you more vulnerable to data breaches. For example, if someone else logs into a website with your password online and they are exposed to malware, you bear the risk of a data breach. The malware steals your password, which may be used by a cybercriminal to access your data. In addition, the person you share your passwords with may not be as security conscious as you are: they may fall victim to a phishing scam and accidentally expose your data. Any activity they carry out online is also tied to your username and identity: you are therefore liable for their online activities.

Another way you could be putting yourself at risk of a data breach is by using the same password for multiple accounts on different websites. It is very dangerous: all it takes is good password guessing to crack your password and multiple accounts with your personal data can be accessed by cybercriminals. In addition, you should avoid saving your passwords on your browser for automatic logins into websites. This is another way that cybercriminals can hack into your accounts and access your data, especially for fintech and crypto websites. This could result in huge financial losses and a complete hack of your crypto wallet account. Avoid sharing passwords with employees and letting them use their personal devices for work as their shared passwords could result in leakage of company data through insecure networks. There is no perfect plan for evading data breaches, but you can stay careful and try to keep your data out of the wrong hands.