When bad things happen, valuable lessons often become clear. That’s certainly true whenever major data breaches occur. Reading about cyberthieves attacking large corporations can help you develop your own prevention plans.

2018 was a banner year for big hacks. Here are brief descriptions of three of them along with tips about how your company, whatever its size, might avoid similar crimes.

Marriott International

The evidence indicates that a spy agency in China spent four years gleaning the personal data of 500 million Marriott guests. Yikes!

Worth noting is something that happened in 2015. Days after Marriott officially purchased Starwood Hotels and Resorts Worldwide, Starwood employees noticed malware in some of its gift stores and restaurants.

But Marriott didn’t organize a full-scale response. If it had, the corporation might’ve eliminated certain vulnerabilities and strengthened its overall defenses. In so doing, it may have lessened the effects of the larger attack.

Thus, if you notice any kind of cyberattack, don’t just assume it was a singular event and that it’s now over. Instead, act fast. Contact top-notch security pros and the proper authorities right away.


The online platform MyHeritage, which is based in Israel, offers DNA tests to customers so they can learn more about their family histories and genetic roots. However, in June 2018, it disclosed a huge breach, which apparently took place on October 26, 2017. It affected about 92 million customers.

How did the hackers get into those accounts?

They found and decoded MyHeritage’s collection of hashed passwords—passwords that have been converted into a series of characters called hashes. As a result, the thieves could see users’ email addresses. Even worse, with access to those passwords, the criminals might get into MyHeritage customers’ accounts on other websites. That’s because many people reuse their passwords again and again.

The lesson here is to treat password security as a top priority. Remind your customers to use a new password for every online account they sign up for.

They can use a password manager—whether it’s a mobile app or an online service—to keep track of all those passwords. In addition, be sure to utilize the most secure and sophisticated password hashing algorithms in existence.


Finally, in September, Facebook revealed that hackers were able to break into 50 million accounts. The criminals stole those accounts’ access tokens, and they could look at anything those users had ever posted. It’s a privacy nightmare. Three weak points in Facebook’s software made this infiltration possible.

As you can see, your company’s data security measures are only as strong as your weakest hardware and software components. For that reason, it’s vital to have experts examine every high-tech tool that your company relies on, including your Bluetooth, Apple and Android devices.

At this point, you may feel that a serious cyberattack on your business is more or less inevitable.

But it doesn’t have to be. If you hire the right cybersecurity team to assess your entire infrastructure, monitor and update your network, and train your employees as far as the best safety practices, your company can be successful in the continuing battle against hackers. Your data can stay protected.