RALEIGH, N.C. – Cybersecurity experts on Wednesday said human error remains the single biggest threat to North Carolinians' data.

  • State officials received more than 1,200 reports of security breaches last year
  • About half came in through email
  • Experts say you should take a layered approach to cybersecurity

Attorney General Josh Stein's office this week released 2019's cyberattack statistics. State officials received 1,210 reported breaches, the most of any year since the state began tracking them in 2006. Nearly half involved businesses that were not involved in healthcare or the financial sector, and about half came in through emails.

The numbers don't surprise Craig Petronella, of Petronella Technology Group. He said his company saw an increase in requests for assistance with security breaches last year. Petronella said in most cases, people get fooled by legitimate-looking emails and forget their cybersecurity training.

“We've done breach response for companies that lost over half a million dollars before, just because they clicked on the wrong thing,” he said.

The issue is not limited to the private sector. Maria Thompson, chief risk and security officer at the NC Department of Information Technology, said city and county governments faced a slew of cyberattacks last year. She said school systems in particular faced ransomware attacks, where hackers lock up vital data and demand payment, often in virtually untraceable cryptocurrency such as Bitcoin. Like the private sector, Thompson said email remains the most common way hackers gain access to government systems.

Petronella said an easy way to avoid such attacks is to carefully read emails before you open them. If they ask you to click on a link, hover your cursor over the link and see what URL pops up.

Petronella and Thompson said you should take as many steps as possible to minimize your risk of a breach. Besides good email judgment, they include:

  • Keep all of your software up to date and install patches promptly
  • Back up your data regularly, preferably in multiple locations. Petronella said to avoid backing up using digital dropbox programs, as these are easily hacked
  • Use long pass phrases with lots of letters, numbers and special characters. Short passwords are no longer enough
  • If you own a business, have someone do regular penetration tests to identify weaknesses