Common Security Mistakes That Could Lead to Data Breaches
Table of Contents
- By Dawna M. Roberts
- Published: Dec 25, 2020
- Last Updated: Mar 18, 2022
Regardless of whether someone is responsible for securing a website or a corporate server, if even one setting is misconfigured, it could lead to a major data breach with far-reaching consequences that affect the company's customers, vendors, employees, and the company reputation.
Here are some of the most common security mistakes that could lead to data breaches.
Forgetting to Switch from Development Mode
When webmasters test new websites and applications, they often leave the door wide open with vast permissions so they can fully test things. If the site uses cloud-based services like Amazon AWS S3 buckets, those may have full privileges that were not meant for the public. If these doors are not fully closed and the site secured before going live, a hacker may sniff it out and exploit it, stealing more than just company data. If cybercriminals gain access to a storage bucket, they could also inject malicious code into legitimate code, making it all that much harder to detect and clean up. The solution is to institute a policy where all permissions and access levels are reviewed prior to something going live.
Poor Coding Leads to Injection Issues
Unless developers filter untrusted input from forms and user interaction, it could lead to SQL injection (or other types) and corruption of data. The best bet here is to use trusted frameworks to do the filtering since closing all open holes can be challenging even for senior developers.
VPN Left at Default Settings
Many companies use VPNs to allow remote workers to access while traveling or working from home. Many VPNs come out of the box configured with insecure settings. For example, some use split-tunnel, meaning that they route user traffic over a secure connection for protected systems, but all other traffic is sent directly to the internet. This poses a problem because once the user is connected insecurely to any part of the network, a bad actor could access their device and piggyback into the system using this misconfiguration. The fix is to review all security settings and research precisely how they work to identify these vulnerabilities before someone else does.
Server Environment Issues
The server where your website is hosted has dozens of settings, which could pose further security issues if left at default settings. Some of the most common doors left unlocked are:
- Leaving debug on in a production environment.
- Too many services running on the server that don't need to be. Third-party add-ons often have security vulnerabilities.
- Not updating frameworks like WordPress, MySQL, PHPMyAdmin, etc.
- Using "root" as the admin login username.
- Not changing default passwords on the firewall, websites, and server.
- Turning on the directory listing, which exposes file paths and server information.
The best way to combat this is to create a process where every single setting, password, and item on the list is checked before deployment.
Not Securing Data Properly
It's never a good idea to store raw/text data in a database. If we have learned anything from all the data breaches and credentials found on the dark web is that eventually, hackers may get their hands on it. Therefore, anything sensitive, including passwords and private information, should be encrypted and hashed in the database. Using a hashed-salted approach is even better. The data transfer process also needs to remain encrypted. The data should never be easily readable by anyone. Some ways to mitigate your exposure here are:
- Never code IDs, session numbers, and personally identifiable information in the URLs.
- Always secure data transit with HTTPS.
- Only save the bare minimum of information online. The more you store, the more is at risk.
- Encrypt all backups as well.
Misconfigured Authentication or Authorization
Authentication refers to a system using steps to ensure that the person logging on or using the resources is the intended party. The authorization applies to whether or not the person is allowed to access the resource.
If either of these is misconfigured, the user may gain access to authorized resources that they were never intended to use. Hackers are very good at bypassing authentication. Therefore authorization needs to be in place to ensure that only a few authorized individuals who need to use resources are allowed access. Often too many people are provided access to things they don't really need. That creates a vulnerability that cybercriminals could easily exploit.
Periodically review authentication methods to make sure they are working. Multi-factor authentication is best that uses a three-pronged approach to verify identity. Take a look at who has authorization to what and tighten up those holes as well.
Watch Out for Third-Party Tools and Add-Ons
It's nice to be able to use third-party tools and add-ons to enhance your online presence but not at the risk of a data breach. Vet your cloud vendors and any third-party tools you use before trusting them to integrate with your customers, corporate data, and operations. Quite a few data breaches were linked to insecure third-party vendors or tools that were not coded well.
