The most recent hack to make the headlines is the Ashley Madison hack. It is making news mainly because of the sensational nature of the site to begin with and the sordid details that are available regarding its membership base. However, there are some security lessons to be learned from this as well. The following are three important lessons to be learned from this hack and what your business can do to prevent it from happening.
1. Verify the actual integrity of your data security
You probably tell clients their information is secure, but just about every company makes that claim. One of the biggest mistakes made by Ashley Madison was the failure to know if its data was truly secure. The company publicly lauded its security, but it now seems like those claims were rather hollow. In fact, it appears as if no one at Ashley Madison knew a whole lot about its security practices until it was too late.
Don’t simply pass off your business’s security to the IT department. Being involved will allow you to see how it works. You don’t need to be a tech expert to understand how your data is being secured. Your security provider, whether it be in-house or via a managed services provider, should be able to explain security practices in layman’s terms. This will allow you to ask questions and be proactive because chances are if you see a weakness, others will notice it as well.
2. Employees and their surfing habits can be your biggest threat
Another takeaway from this scandal was the fact that many employees, both from private companies and government offices, were using business email accounts to sign up for Ashley Madison and office Internet connections to access the site. Putting the ethical questions aside for a moment, public sentiment is undoubtedly negative and companies with employees who used Ashley Madison at work have been exposed to the scandal’s backlash.
By placing the appropriate email and Internet security solutions in place at your business, you can reduce the amount of risk your company is exposed to by employees. No one really wants to put restrictions on their employees’ Internet and email access, but it is important to be smart. Being connected to scandals like this can bring unwanted publicity to your business. Worst of all, your employees might not even realize they are putting your company in harm’s way when they access this type of content at work.
3. Accept that there may be data loss
As the Ashley Madison case has shown us, massive data theft or loss can be the end of your business. When clients trust your business with their data, they are confident in your ability to protect it. Of course, things do happen and if your data does go missing, it’s important to have a plan of action ready. While your company’s data breach is unlikely to garner the attention of Ashley Madison, it means a whole lot more to you, your company and your employees. Just because your company isn’t big doesn’t mean it’s invincible.
A disaster recovery plan can help your company ensure it has backups and even backups of your backups. If you believe your data has been stolen by hackers, it is important to act immediately. You’ll need to quickly assess what information has been stolen and inform the appropriate parties so they can take the necessary steps to protect themselves. From there, you will want to re-secure your company, closing any security loopholes that have been found. Finally, access your backups and make sure your business continues to operate as close to normal as possible during the crisis.