There are many dangers out there in the world of business, and with rapid technological development, many of them are now associated with online security. Numerous companies store their customers’ personal information in databases that can be accessed online by their employees and, unfortunately, by hackers as well. It can be hard to recover after a security breach, so it is definitely better to protect yourself against one effectively.
To improve the level of cybersecurity in their company, many entrepreneurs turn to experts in this field, such as those from Bullet Proof. It is definitely a good practice, but it is also worth learning more about this subject by yourself. To help you with that, we will share with you the most significant lessons learned from some of the biggest data breaches that happened recently. In this way, you will know what to take care of so that your business can be safe from such an attack. Keep on reading!
Data Breach Lesson 1: Yahoo, 2013-2014
In 2016, two years after the event, Yahoo stated that they had experienced one of the biggest data breaches in history. It was an attack in which sensitive data (such as real names, birthdates, telephone numbers, or email addresses) was acquired from the accounts of 500 million users. Just a few months later, they also revealed that in 2013, there was a separate data breach that affected as many as 1 billion user accounts. Not only was personal information compromised there, but also the security questions and answers.
The lesson you can learn from Yahoo is not to underestimate the risk of cyberattacks. The stolen passwords were hashed with bcrypt, but it turned out not to be enough. What is more, their strategy of releasing the information gradually and a long time after the breach was not right – in this way, you show that you have been hiding something from your clients, and it makes your brand untrustworthy. It is better to let the users know about the problem right away and assure them that you are doing your utmost to fix it as soon as possible.
Data Breach Lesson 2: Equifax, 2017
In September 2017, Equifax, which is one of the biggest credit bureaus in the United States, revealed that the application on their website had a vulnerability that allowed a serious security breach – the attackers acquired the personal information of nearly 143 million customers. It was discovered in July, but most probably it started much earlier – in the middle of May. The stolen data included social security numbers, addresses, names, birthdays, credit card data, and driver’s license numbers. Interestingly enough, it happened due to just one employee’s negligence. It turned out that their Chief of Security had an educational background in music, so the company failed at hiring a competent expert.
As this shows, it is crucial to have a specialist with proper knowledge and experience to prevent data breaches. And in order to attract the best experts, a company should offer an attractive salary. Cybersecurity is not something you can save on – take into consideration that it is often challenging for businesses to recover after data breaches because the customers’ trust is not easy to rebuild after such an incident.
Data Breach Lesson 3: Fortnite, 2019
In January 2019, Check Point Research reported a significant flaw in Fortnite, an extremely popular multiplayer video game from Epic Games. They found a vulnerability on a few Epic Games domains, which was dangerous for over 200 million players. Any hacker could have taken advantage of the same flaw and conducted a cross-site scripting (XSS) attack to take over user accounts entirely. The only thing they would have to do is send a malicious link in a phishing email and tell the recipients to click it. After doing so, the user would unknowingly provide the attacker with their username and password.
Therefore, to protect your customers from such a data breach, you should use high-quality email security products. There are many tools of this kind available nowadays, such as Avanan Account Takeover Protection, SolarWinds MSP Mail Assure, or FortiMail.
Nobody’s perfect, and this applies to huge corporations as well. Nevertheless, you should do everything you can to keep sensitive data such as your clients’ names, addresses, or credit card information as safe as possible. Bear in mind that after security breaches, some companies never manage to regain the trust they had before it happened, so it is better to be safe than sorry.
There were many data breaches in the past, and those mentioned above are just a few chosen examples – you should study as many cases as possible and learn from the mistakes other businesses made in order to improve your own. You should, for example, take care of email security, always inform your clients in case of any incidents without trying to hide them, and hire the best available experts who will protect you against security breaches. It will certainly pay off!