It’s happening more often and to larger organisations – security breaches are costing online businesses millions of dollars and putting people’s personal information into the hands of cyber-criminals.
One of the latest victims is eBay, which has had the names, email addresses, physical addresses, dates of birth and passwords of millions of its users stolen by hackers. Its response was to email its customers and advise them to change their passwords, which was not a particularly smart thing to do, as hackers often send bogus emails after a breach trying to get users to divulge even more personal information.
Other organisations that have suffered recent security breaches include Adobe, LinkedIn and Evernote, and those organisations took the step of automatically changing their users’ passwords. Target also suffered a massive security breach recently, which is expected to cost it up to a billion dollars in lawsuits and administration costs.
If huge organisations like these with massive resources at their disposal can be hacked, then every other business is at risk of the same happening to them.
While no system can ever be 100% secure, putting the right security measures in place can greatly reduce the likelihood of a breach. Such measures should include:
- Implementing two-factor authentication for system access and encrypting data.
- Using separate passwords for each website or system so that if one password is breached, other systems remain secure.
- Updating software regularly and installing the latest anti-virus protection.
- Physically securing your computers when not in use and keeping servers in a secure area.
- Updating security regularly on BYO (Bring Your Own) devices.
- Using strong passwords and changing them regularly.
- Restricting access to sensitive data on a need-to-know basis.
- Making sure other organisations you share data with have adequate security measures.
Every business should also employ the services of a security consultancy to implement the following security measures:
- Penetration testing – The security firm attacks your system from a hacker’s viewpoint to identify weaknesses.
- Security assessment – The security firm audits your system and security policies and recommends improvements.
- Cultural assessment – The security firm looks at your employees’ awareness of and response to security threats such as social engineering.
- Employee training – The security firm trains your employees on how to use systems safely and how to respond effectively to security threats.
Although the data stolen from eBay could be used for future scams and identity theft, the organisation was fortunate that no sensitive information such as credit card details was breached. Target was not so lucky in this regard, and is being sued by several banks for their losses.
It is only a matter of time before a really major breach occurs where the resultant fallout will mean the demise of the organisation in a sea of litigation. And that’s why every business needs to make data protection a priority rather than an afterthought.