Immunize your organization

Data breaches and untrained workers, part 2 of 3



A major finding of this study is that, contrary to public opinion, data breaches have hit organizations of all sizes and in every type of industry. Nobody is safe. Immunize your employees to prevent the insidious infections.

This probably doesn't surprise anyone, but cybercriminals continue to seriously breach databases in global organizations in every industry and profession in private and public sectors. If your company hasn't been breached — and if you haven't imposed the latest safeguards — you probably should anticipate a breach in the near future and prepare for public humiliation, down time and expense.

Of course, your organization should be proactive in designing a risk management strategy that includes security awareness and data protection programs for your employees at all levels to help protect personally identifiable information (PII), company data, and other sensitive information and resources. Your job? Regardless of your job title, as a fraud examiner, you must reinforce the risk message and publicize the magnitude of the negative impacts of data breaches and compromised records on organizations and specifically in their industry sectors.

These three data breach cases, which rank in the top 15 in 2015 from the Privacy Rights Clearinghouse's (PRCH) Chronology of Data Breaches, help to illustrate the severity of the problem.

In July 2015, a third-party contract employee hired by the National Guard unwittingly caused a data breach when the contractor mishandled a transfer of data to a non-accredited data center. The breach possibly exposed the Social Security numbers, home addresses and other PII of approximately 850,000 current and former National Guard members — dating back to 2004.

In February 2015, health insurer Anthem announced an embarrassing breach, which began in February 2014, that exposed an amazing 80 million patient and employee records including the unencrypted names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, employment information, income data and more.

In May 2015, CareFirst BlueCross BlueShield discovered a data breach in which external hackers invaded a database and compromised unencrypted names, birth dates, email addresses and subscriber information of 1.1 million members.

The firm said that member password encryption prevented the cybercriminals from gaining access to Social Security numbers, medical claims, employment, credit card and financial data. However, if the firm had used the basic DES system and not an advanced encryption system to encrypt its data, the hackers could've easily used software to convert the encrypted data back to plain text and then use it for identity theft.

National media outlets tend to report only data breaches that have affected major national corporations and government agencies, so the public is unaware that the data breach problem is much broader in scope. The results of our study prove this point.


