What is a data breach? Understanding and preventing risks

Posted by Mike Sherman

Data breaches cost companies an average of $9.48 million in 2023. That average cost has increased yearly since 2013 due to significant technological improvements. 

In addition to the dollar cost, data breaches negatively impact users, taking significant time to fix and affecting public relations. 

Businesses are often targeted for these attacks because they have swaths of private information and credentials located on one centralized network. So it’s important your servers are up to date with the latest OS and security patches and have strong antivirus and security precautions in place.

Today, we’ll cover the following areas of data breaches:

  1. The top five reasons data breaches occur
  2. Eight ways to secure your server and prevent a data breach
  3. Three things to immediately do if a data breach occurs
  4. Ways we can help prevent data breaches in the first place

Let’s get started.

What is a data breach?

A data breach is an incident in which sensitive or personal information is accessed and/or obtained by an unauthorized party. Sensitive data can include ePHI (electronic protected health information), corporate trade secrets, or even customer records. It can also include email addresses, credit card numbers, passwords, financial account details, and database information.

How do data breaches happen?

Data breaches can happen via a wide range of attack vectors. From weak passwords to out-of-date software, there are many ways that attacks can occur. Each of these vectors needs to be secured properly.

Here are the five most common causes.

Weak passwords

Weak passwords are one of the primary ways servers and data get compromised. If your server connects to the internet, it’s very likely under attack. Automated hacking tools brute force unprotected servers by trying thousands of password combinations to gain access to systems. They’re a key part of understanding what a data breach is and how to prevent one.

These attacks can occur against RDP (Remote Desktop Protocol), web applications, mail servers, SQL services, and more. To protect yourself, use a strong password that consists of a mix of uppercase and lowercase letters, at least one number, and a special character.

You should also make it as long as is practical for you — an eight-character password with all of those will still only take a day to crack by brute force, whereas a 10-character password with all of those would take 50 years.

That’s why we advise that you:

  • Use a password at least 12 characters long
  • Make sure each password is unique
  • Use a variety of special characters and symbols
  • Try passphrases — not just words
  • Check your password strength
  • Change passwords regularly
  • Leave personal details like birth dates out of passwords
  • Check if your username and password have been exposed in a data breach
  • Utilize multi-factor authentication (MFA), when available 

Out-of-date operating systems and software

Out-of-date operating systems and software are some of the most common vectors for hackers to breach your servers. Software and operating system patches and updates help you keep up with new attacks. That’s why you need to run regular vulnerability assessments to determine if your software is outdated and needs an update. It's crucial to apply patches and updates promptly to address known vulnerabilities and reduce the risk of exploitation by attackers.

Penetration testing can also help catch areas where your systems risk exposure to cyber criminals. That’s why you should always ask hosting providers what vulnerability assessments and penetration tests they run on their systems. Remember, the cost of a provider is significantly less than the cost of a data breach.

An exploitable website

A common method for hackers to infiltrate secured data is SQL injection. If your website interacts with an SQL database, this attack exploits security vulnerabilities in how the site handles input: cybercriminals send crafted requests to a public-facing form, which may reveal sensitive information normally secured in your database.

To safeguard your site, carefully restrict database access and keep your form plugins and website infrastructure updated. Then, sanitize the inputs from the outside with code. 

For example, if you have a form field for phone numbers, write code to exclude responses that aren’t 10-digit numbers written in numerals. After all, you already know how harmful a data breach can be.
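The phone-number check described above, as an added example (not code from the original article), shown next to a parameterized query. The parameterized query goes beyond the text: it keeps the form value out of the SQL statement even where a validation rule is missed. The table, sample rows, and function names are assumptions.

```python
import re
import sqlite3

# Exactly ten ASCII digits. [0-9] is used because \d also matches non-ASCII digits.
PHONE_RE = re.compile(r"[0-9]{10}")


def valid_phone(value):
    """Allow-list check from the text: a 10-digit number written in numerals."""
    # fullmatch() rejects a trailing newline that match() with "$" would accept.
    return isinstance(value, str) and PHONE_RE.fullmatch(value) is not None


def make_db():
    """Constructed in-memory table standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, phone TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("Alice", "5175550101"), ("Bob", "5175550102")])
    return db


def lookup_unsafe(db, phone):
    """Before: the form value is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT name FROM customers WHERE phone = '" + phone + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_safe(db, phone):
    """After: reject malformed input, then bind the value as a parameter."""
    if not valid_phone(phone):
        raise ValueError("phone must be exactly 10 digits")
    rows = db.execute("SELECT name FROM customers WHERE phone = ?", (phone,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    crafted = "0' OR '1'='1"                   # constructed malformed form value
    print(lookup_unsafe(db, crafted))          # every customer is returned
    print(lookup_safe(db, "5175550101"))       # only the matching customer
    try:
        lookup_safe(db, crafted)
    except ValueError as err:
        print("rejected:", err)
```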

Phishing

Phishing scams were the most commonly reported type of cybercrime in 2023. Phishing can involve tricking users into opening malicious files and granting hackers system and network access.

Educating employees and clients on phishing prevention is crucial, making them vigilant against seemingly legitimate but harmful messages. That can help prevent social engineering phishing attacks. You should also scan for phishing vulnerabilities and use phishing-resistant multi-factor authentication (or two-factor authentication).

Breaches of physical security

Physical security breaches, though often overlooked, can lead to severe data breaches. Unauthorized access to a workstation or network allows attackers to navigate through and access servers, exploiting legitimate user credentials. 

Incidents like inserting rogue USB devices, attackers impersonating staff, or leaving workstations unattended and unlocked can compromise even the most secure servers. 

Make sure your physical locations are secure and your employees or users can identify suspicious activity or hardware. For example, employees shouldn’t hold locked doors open for anyone, and every employee or visitor needs identifiable information to log in and open the doors.

Securing your server and preventing a data breach

Here are a few steps your team or outside professionals can take to manage and secure your server from a data breach. 

Set up a firewall with proper rules

Securing your server starts with a strong firewall, either hardware, software, or both. We assist in configuring both types to shield your servers from external traffic, establishing and updating access rules to block unauthorized access effectively. That can reduce the cost of a data breach if one does occur.

Block all unnecessary traffic and ports

Your firewall should have strict rules allowing only the services you need and the appropriate IP access. For example, if you’re not using secure file transfers like SFTP or FTPS over port 21, block this port for everyone because it’s a common place for hackers to target in ransomware cyber attacks. 

Limit access to data

There’s no sense in giving access to services to those who don’t need them. If only one computer needs to use RDP, then only that IP address should have access. If only your local IP range needs to access a sensitive area of your web application, limit this access to only those who need it. Giving access to people who shouldn’t have it can amount to what is essentially a data breach.

Frequent role changes or departures can leave outdated access permissions, posing security risks. Regular audits and access reviews by your security or administration team ensure individuals have only the necessary permissions for their current roles.

This can be critical; HIPAA-compliant hosting requires strict practices concerning who has access to sensitive data like medical records and how it’s accessed.

Set up automatic OS updates and patch out-of-date software

Configure automatic updates to ensure your operating system and applications have the latest release and your software has new patches installed. You must also enable the secure sockets layer (SSL) before you use the Windows Server Update Services (WSUS). Lastly, make sure to stagger updates so that your whole system won’t be out of commission simultaneously. 

OS updates are critical; for example, exploits like “Looney Tunables” can give cyber attackers root access to your system.

Install anti-virus software

Firewalls are a good preventive measure, but installing anti-virus software to protect your server is also important. If something does reach your server, your anti-virus software can block it internally and automatically. Anti-virus protection also helps protect your server from users accidentally (or purposely) downloading infected files. We offer Server Protection Packages to reduce your vulnerability online.

Train employees on proper security measures

Hardware and software protection means nothing if your employees don’t follow the correct procedures for handling data and sensitive information. Train your employees to be aware of possible phishing attempts and proper login procedures, and install antivirus software on individual workstations. 

Last year, 49 percent of data breaches involved stolen credentials. Training current employees to prevent having credentials stolen might sound expensive, but it’s a lot less than the cost of a data breach.

Thoroughly investigate code

You’ll want to thoroughly investigate the code your web applications use to clear them of possible SQL injections and exploitable forms or URLs. This isn’t easy, but it’s one of the most important ways to secure your server, as these web applications are usually publicly accessible and crawlable by visitors and attackers alike.

Unfortunately, there are no hard and fast rules for securing your web applications, as the code will differ from site to site. Hire a security consultant to audit your code and find possible exploits so that you can patch them quickly and effectively.

Use data breach prevention tools

There are numerous security tools to help protect your servers and data. Use a host that implements security measures that protect as much information as possible from malicious attackers, whether it’s secure firewall rules, industry-standard antivirus, or continuous server monitoring.

For Windows operating systems

Malicious Activity Detector (MAD) is an in-house tool developed by us to monitor and protect requests to your server. It works by identifying login requests with malicious purposes and blocking the IPs making these requests. If an IP attempts to log in to your server with invalid credentials, MAD will act fast and block these requests from ever reaching your server.
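The general technique described above, counting failed logins per source IP within a time window and flagging repeat offenders for blocking, as an added example. It is not MAD's code; the log format, function name, threshold, and window are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source IP> <user> <OK|FAIL>".
SAMPLE_LOG = """\
2024-01-05T10:00:00 203.0.113.7 admin FAIL
2024-01-05T10:00:05 203.0.113.7 administrator FAIL
2024-01-05T10:00:09 198.51.100.20 alice FAIL
2024-01-05T10:00:11 203.0.113.7 root FAIL
2024-01-05T10:00:30 198.51.100.20 alice OK
2024-01-05T10:00:41 203.0.113.7 admin FAIL
2024-01-05T10:00:52 203.0.113.7 test FAIL
2024-01-05T10:20:00 198.51.100.20 alice FAIL
"""


def ips_to_block(log_text, max_failures=5, window_seconds=60):
    """Return source IPs that reach max_failures failed logins within the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> timestamps of failures still in window
    blocked = []                     # in the order each IP crossed the threshold
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip malformed lines instead of crashing
        stamp, ip, _user, result = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue                 # unparseable timestamp
        if result != "FAIL" or ip in blocked:
            continue                 # only failures count; report each IP once
        failures = recent[ip]
        failures.append(when)
        while when - failures[0] > window:
            failures.popleft()       # forget failures older than the window
        if len(failures) >= max_failures:
            blocked.append(ip)
    return blocked


if __name__ == "__main__":
    # The user who mistyped a password twice, 20 minutes apart, is not flagged.
    print(ips_to_block(SAMPLE_LOG))
```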

ESET is Liquid Web’s preferred antivirus solution for your servers. ESET is fully licensed anti-virus software provided for Windows Server plans that can identify bad executables and files on your server in real time.

At $10/month, ESET will actively monitor files on the server, automatically scan for new issues, and stay updated with the current release. We highly recommend ordering ESET for each of your servers to continuously scan your files and protect them against a data breach.

For Linux operating systems

Maldet is a popular and free malware scanning tool. It can search and detect malware attacks across your entire server. Maldet detects, quarantines, and removes viruses and malware for infected servers.

Deploy off-site server backups

Keeping your servers and files backed up to an off-site location is important. If you encounter a data breach, you’ll want a clean and uninfected copy of the data to either restore or look for possible attack vectors to clean up on your current server.

If all else fails, you’ll have regular backups of your data and systems to get you up and running again as quickly as possible. You’ll want to be sure these backups aren’t stored on the same server they’re backing up, as it’s useless if the original server itself gets compromised.

A managed cloud service helps with this because it monitors your data 24/7 and backs it up offsite, protecting it from an array of cyber threats.

What should you do once a data breach occurs?

If you discover that a data breach has just occurred, speed is of the essence. You need to:

  1. Call a lawyer
  2. Call a security consultant
  3. Deploy your business continuation plan or disaster recovery and backup strategy

Explore additional data breach prevention options

Hardware firewalls are available for dedicated servers and VPS Servers with us. Our hardware firewalls provide the most robust security for your servers by default. They can also be modified to suit your needs, allowing or blocking IP addresses and ranges to your server or specific ports.

Acronis cyber backups are also available. Because of their versatility and reliability, Acronis backups are the preferred method for backing up your server and files for most customers.

Basic server monitoring is included with our hosting packages. Our monitoring service will alert our in-house technicians if a particular port or service goes down on your server. With this information, our technicians immediately investigate the cause of the downed service. This allows us to identify greater threats at the first sign of trouble.

While monitoring itself doesn’t protect the server against data breaches, it allows us to monitor services such as HTTP, FTP, and mail to ensure your servers work as intended.

Next steps for protection against data breaches

With millions of data breaches and the financial and reputational damage they cause, you should take the time to audit your servers, software, and applications to ensure you are protecting your data properly. 

That can be intimidating, but it’s essential to get it right. That’s why many hosts trust us to help you stay secure with off-site backups, firewalls, server and application protection, and more.

Interested in how we can prevent data breaches for you? See our hosting plans.

About the Author

Mike Sherman

Mike Sherman was formerly one of our Helpful Humans at Liquid Web and worked in the Windows Enterprise Department. He has over 10 years of technology experience and a wealth of SEO and online marketing knowledge. He now supports IT infrastructures for mid-range companies as a Mid-West MSP.
