ATLANTA – Data breaches are a threat to businesses, nonprofits, and government entities of all sizes. But possessing strong IT security infrastructure and techniques can go a long way towards mitigating an attack, should one occur. Unfortunately for the taxpayers of South Carolina, the SCDOR did a poor job of protecting their personally identifiable data (PII). The hack was huge in scope: 3.8 million tax filers and 1.9 million dependents had their data potentially compromised.
INSUREtrust has released a video discussing some things that the SCDOR did wrong, to help educate the insurance industry and those who have sensitive data in their custody on how to avoid the mistakes that the SCDOR committed.
The chief misstep of the SCDOR was that it failed to encrypt taxpayer data, making it very easy for hackers to access. Encryption is a relatively easy and cheap process, and should have been a routine practice at the SCDOR.
But the SCDOR also needed to better educate its employees, since a common phishing scam was the backdoor method used by the hacker to infiltrate the network.
By understanding what went wrong at SCDOR, businesses, nonprofits, and other government entities can learn how to better shore up their own security.