Here’s an adage for you: there are two types of companies, those who have been hacked and those who don’t know they’ve been hacked. This is a twist of words by Dmitri Alperovitch, a renowned computer security researcher, inspired by a statement from former FBI director Robert S. Mueller III.

It’s the era of hacking. Target had a breach back in 2014 that left 70 million shoppers’ personal information out in the open. That same year, one billion Yahoo accounts were compromised, leaving consumers’ telephone numbers, passwords, and other sensitive information open to exploitation. It took Yahoo two years either to figure out they were hacked or to let the public know. The two scenarios are still debated a year after confirmation.

Adopting Measures To Increase Security

We’re not IT experts. We’re not going to read an article, rehash it, and tell you to forward specific ports or to buy the latest server software, though the latter isn’t a terrible idea. Companies need to do what they can to prevent data breaches, and there are a few steps you can take to prevent the avoidable. Your company should already be in the habit of changing passwords regularly, especially on social media. It’s recommended that passwords change every 6 months, but depending on your size, and how often you bring new people into the scope, it may be beneficial to update them every month or so. This keeps former or disgruntled employees from going down in a blaze of glory at the cost of your reputation. Companies should keep a list of everyone who has access to their social media, and also a list of devices that are connected. Finding out which devices are connected when they shouldn’t be isn’t easy, but knowing there is an unauthorized device connected to your server or platform is a major advantage.

It’s A Matter Of When Not If

The adage above sums it all up fairly well. The average company, especially a small business, doesn’t have access to the resources to implement a foolproof server or platform, if there is even such a thing. It’s imperative to adopt this way of thinking. This allows you to prepare, and hopefully through strict protocols and the adoption of a response guide, prevent any avoidable damage. Check out this link that provides a video and the resources to help you put together a response protocol when a data breach occurs.

Transparency Is Key

In any data breach, it’s critical to include all the needed parties such as law enforcement, stakeholders, and your PR team. No matter where you fall in the debate of the Yahoo hack, two years to go public with the details of the 2014 hack is too long. Either Yahoo was completely ignorant of their situation, or they were withholding information. Neither looks good for a company’s reputation. You don’t want to be those guys. Without disclosing information that could endanger your personal information, your company, or your consumers, it’s crucial that you keep your audience up to date. If anything is to be learned from the past decade or so of data breaches, it’s that data breaches eventually hit the public. It’s better that your consumers, users, or members hear it from you, rather than on cable news or Reddit.