Businessman consulting employee

4 of the worst data breaches we’ve seen and what they teach us

These are the headlines no one wants.

Suffering a data breach is painful for a variety of reasons. In fact, the threat to organizations of all shapes and sizes is so great, news of any data breach is likely to send all business leaders into mild panic. And when the titans of industry fall, it’s particularly troubling.

Know the risks

Of course, the temptation for SMB leaders is to think they’re immune to such risks based purely on their size. If cybercriminals could spend their time going after companies worth billions, why go after yours?

According to 2018 Data Breach Investigations Report, small businesses are the target of 58% of cyberattacks. What’s more, Forbes estimates that a successful cyberattack is more detrimental to an SMB than a fire or flood.

To be clear, that means you’d theoretically be better off if your business burned to the ground than if you were hacked.

Related: 3 things you need to know about dark web monitoring

What a data breach costs

A successful cyberattack is expensive, to be sure. That includes a possible monetary hit, but the losses don’t stop there.

Money

According to Kaspersky Lab, recovery from a data breach for an SMB in North America costs about $149,000 on average. Assuming you don’t have that kind of money just sitting around, that’s going to sting.

Time

Breach recovery takes time, too. That’s time you could spend growing your business, closing sales and doing other revenue-generating things. But if you suffer a breach, you’ll lose a good bit of that time.

Reputation

Finally, data breaches hurt your reputation. Customers notice. Even if you handle recovery well, you’ll still likely lose some business as a result of the breach.

Related: Are your assets documented?

4 of the worst

In light of the high stakes, here are some of the worst data breaches we’ve seen to date . . . along with critical lessons you can learn from each one.

Yahoo

Remember that time hackers stole user data associated with over 3 billion Yahoo accounts? Yahoo probably remembers. As details emerged following the 2013-2014 data breach, the company was left with an epic hit to its credibility.

On the upside, most of the data was encrypted, making it completely useless to the cybercriminals. That didn’t help Yahoo’s reputation, but it did protect their customers.

Lesson: Encryption matters. It can protect data even after it’s been stolen.

Uber

When Uber was breached in 2016, the data associated with 57 million users and 600K drivers was exposed. That’s bad. But do you know what’s worse? How Uber handled it.

Instead of coming clean, company leaders choose to hide the breach. When it eventually became public knowledge, their reputation took a one-two punch. It’s always better to deal with a breach head-on than to hide it.

Lesson: There’s a right way to deal with data breaches . . . and a very wrong way.

Marriott International

In 2014, Marriott International was hacked. Cybercriminals made off with data associated with roughly half a billion customer accounts. That’s big news, but it gets bigger.

According to the New York Times, “The hackers . . . [were] suspected of working on behalf of the Ministry of State Security, [China’s] Communist-controlled civilian spy agency.” It’s well past time we stop thinking of hackers as hoodie-clad teenagers in their parents’ basements and recognize them for what they are: motivated, well-paid, intelligent criminals.

Lesson: Understand the scope of the threat. Cybercriminals are smart, savvy and strategic.

Related:  The biggest data breaches of the 21st century

Equifax

Equifax only waited 6 weeks to disclose that it had been breached—a far faster turnaround time than Uber—but the faster response didn’t spare the company harsh criticism. First, the information compromised included the social security numbers of more than 143 million people.

But to make matters worse, out-of-date software was to blame. Had updates and patches been applied properly, there’s a chance the breach would not have happened at all.

Lesson: Stay current with patches and security updates. Always.

Protect your data

Protecting your company’s data is important. It’s not just about the initial money you could lose. There’s also the loss of time and reputation to consider.

If you don’t already have a thorough cybersecurity plan, we recommend putting one in place immediately. And if you’re not sure where to start that process, reach out to your managed IT services provider today. They can help you take those critical first steps.

Keep reading: The complete guide to SMB cybersecurity