Target. Sony. Ashley Madison. What do these companies have in common?
They’ve all been hacked over the last three years, along with several other well-known companies, and they have regrets about it. The unfortunate truth is that many companies, both large and small, react to a hack only after an incident occurs and the damage is already done. The upside is that valuable lessons are learned and can be shared with other businesses so history doesn’t repeat itself. So, what have these hacked companies learned?
An incident response plan is a must-have.
Data breaches can have disastrous consequences for companies, including lost revenue, stolen information and a damaged reputation, but a response plan can limit the full effects of a breach. Sony didn’t have an incident response plan (a thought-out policy that outlines what a data breach is and the steps to follow when a breach occurs) when names, addresses, Social Security numbers, internal emails and other personal information were exposed. Instead, their actions to suppress the breach were contradictory because of their lack of planning.
Response methods should be in place and properly implemented.
When it comes to retail (or any business selling a service, for that matter), consumers should monitor their accounts and companies should monitor their networks for anything suspicious. Whether or not a consumer catches suspicious activity, responsible companies will not only have programs in place to spot anomalies but will also have response methods ready to suppress a breach. It was reported that Target’s response methods were not applied the way they should have been after criminal activity was detected, and that resulted in millions of exposed customer card records.
Deleted data can be recovered.
Ashley Madison was hacked because of password encryption weaknesses. In addition, the infamous infidelity dating site had promised to remove all information associated with a user’s account once it was deleted. That wasn’t the case, since the hacked data showed email addresses from supposedly deleted accounts. The moral of the story is that deleting data from a company computer doesn’t mean the data is actually erased. Deleting a file usually means only that the route to the file has been removed; the file itself is retained until it has been written over. This could lead to a data breach if the computer or hard drive gets into the wrong hands. Also, weak passwords and poor security settings make it easier for hackers to steal and expose sensitive information.
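The difference between removing the route to a file and overwriting its contents, as an added example that is not part of the original article. The file names and the sample record are constructed, and a second hard link is used as a stand-in for a recovery tool that reads the stored data directly.

```python
import os
import tempfile

# Constructed sample record, standing in for data a user asked to have removed.
SECRET = b"deleted-user@example.com\n"

def _make_file_with_witness(workdir):
    """Write SECRET to a file and add a second hard link to the same data."""
    path = os.path.join(workdir, "account.dat")
    witness = os.path.join(workdir, "witness")
    with open(path, "wb") as f:
        f.write(SECRET)
    # Assumption: the hard link plays the role of a recovery tool reading the
    # disk directly. It reaches the same stored bytes without using the name.
    os.link(path, witness)
    return path, witness

def delete_only(workdir):
    """Remove the file name only; return the bytes that are still stored."""
    path, witness = _make_file_with_witness(workdir)
    os.remove(path)                      # removes the route, not the content
    with open(witness, "rb") as f:
        return f.read()

def overwrite_then_delete(workdir):
    """Overwrite the content in place, then remove the name."""
    path, witness = _make_file_with_witness(workdir)
    size = os.path.getsize(path)
    with open(path, "r+b") as f:         # r+b keeps the same file, no truncate
        f.write(b"\x00" * size)
        f.flush()
        os.fsync(f.fileno())             # push the overwrite to the device
    os.remove(path)
    with open(witness, "rb") as f:
        return f.read()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print("after delete only:     ", delete_only(d))
    with tempfile.TemporaryDirectory() as d:
        print("after overwrite+delete:", overwrite_then_delete(d))
```

On SSDs and on copy-on-write or journaling filesystems, an in-place overwrite is not guaranteed to land on the original physical blocks. For hardware leaving the company, full-disk encryption or device-level sanitization is the more dependable control.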
Redbud is a cyber security placement agency sought out by leaders who recognize the need to attract the best cyber security talent. Through Redbud’s extensive network of relationships, we can identify and secure individuals that represent the top tier of cyber professionals. Contact us for more information.