A good chunk of these breaches are not someone actually trying to steal data, but just someone trying to make something more easily accessible outside of the office, or taking information with them when they leave: contact information, maybe some documents they’ve written themselves that they want to keep, etc.
It’s likely that these folks aren’t actively trying to commit some sort of corporate espionage; they just aren’t really thinking about what they do. It might be that the once-per-year required video just isn’t enough to make it top of mind every day.
So, best practices?
– Use complex passwords.
– Use each complex password on exactly one website. (Do NOT reuse.)
– Use a password manager to keep track of all those passwords.
– Use multi-factor authentication when available, as an extra step beyond your password.
It’s easy, though incorrect, to dismiss worrying about hacking on the basis that “I have nothing to hide,” so if someone gets your information, it’s not that big of a deal. And, in fact, someone getting your credit card information might not really end up being that big of a deal to you when it’s the credit card company that has to do all the hard work to fix it. For a consumer, it might just be some inconvenience. But the real danger to me has always been the risk of someone manipulating your data and causing issues. Imagine someone hacking the DMV and marking you as someone whose driver’s license has been suspended, or hacking your phone’s GPS, indicating you were somewhere you were not.
Or, a hacker fabricating a plot to overthrow the government: