That’s only a slight exaggeration. Increasingly, your company and its reputation are vulnerable to outside threats that can hijack your information and make life tough for your business, your customers and you.
A recent example involving the extortion of a Twitter handle brings home just how quickly—and how unexpectedly—things can go wrong.
Since 2007, Naoki Hiroshima, a Palo Alto app developer, had maintained the one-letter Twitter handle of @N, one that he says drew offers as high as $50,000. When Hiroshima wouldn’t sell, he says a hacker used trickery to take his numerous GoDaddy websites hostage in exchange for the Twitter account. A frustrated Hiroshima gave in.
What does that story mean for you? For one, you don’t want to have to acknowledge a serious security breach to your customers, as GoDaddy did. Target is another business that has paid dearly for being hacked. No business wants that kind of damage to its reputation.
But your first objective must be to safeguard the integrity of your online dealings and overall data in a time of escalating threats to their security. Here are some key practices you’ll want to consider:
- Assessing your defenses – What processes does your company currently have in place for reviewing, analyzing, and adjusting policies and procedures? How big a priority is security, and what is your commitment to maintaining the highest levels of it—financially, operationally and among your employees? Are all your employees qualified, well-trained, and adequately prepared to prevent, detect, and respond to security issues?
- ‘Halt, who goes there?’ – How do you know your customers are who they say they are? Credit card digits, account numbers, even Social Security numbers can be breached, and passwords are frequently too weak to withstand a threat. Employ a number of authentication hurdles to keep both you and the customer safe.
- A two-way street – Are your employees well-schooled in what information is safe—and not safe—to give out over the phone? Studies have shown that social engineering (the application of social pressure over the phone, by email, or sometimes in person) is the most effective way of breaching corporate security. If someone claiming to be ‘Corporate IT’ contacts you asking for your username and password to fix an issue, you may become a victim if you provide that information. The @N hacker used a key security breach, achieved over the phone, to gain access to enormous amounts of information and capabilities.
- Going to Plan B – When something goes wrong, will you be prepared? What recovery capabilities do you have in-house, and what are the outside sources of help you need to cultivate? Can you quickly recover from a breach, undo the damage, and prevent further harm?
- Screen your friends – Are you sure you can trust the capabilities of your website and web development vendors? Are you and your tech experts convinced that they are maintaining the practices that will keep you safe? Make sure vendors can demonstrate their security capabilities.
This article from CFO.com provides further depth on data security best practices.