Hackers Are Getting Better: How to Make Sure Your Company is Secure
The headlines are loaded with corporate security breaches. While most large companies have proper security systems in place, breaches still keep happening with alarming frequency. These are not mom-and-pop companies, either; these are multimillion-dollar corporations that should have known better. From 2009 to 2010, for example, the social media giant Twitter had eight of the worst hacks in social media history. The company has come a long way in improving its security strategy, yet it is still having problems.
Here are three of the largest corporate social media hacks in history that never should have happened and what you can do to make sure it doesn’t happen to you:
LinkedIn
LinkedIn is one company that should never be on the receiving end of a devastating hack. Yet in June of 2012, it had the biggest hack in its company history. Its encrypted passwords were easily penetrated, which enabled a hacker to leak about six million of them. When the breach was discovered, the company disabled the profiles that were thought to be compromised. Within two days, the hacker got over 150,000 more. The company apologized, promised an investigation, advised customers to change their profile information, and that was about the last we heard of it.
The problem and solution: Those six million passwords were stolen because they weren’t encrypted well. The solution seems obvious — bump up your encryption level, and make it impossible for users to access their profile with an easy password. The top three passwords hacked were: link, 1234, and work, reports Mashable.
Bottom line: Compare encryption software from several vendors to find one that fits your needs, and take steps to ensure that customers cannot create weak passwords.
Note: The LinkedIn hacker was found to be a Russian forum user; after the LinkedIn hack, he turned around and did the same thing to eHarmony. He hinted he had user names as well as passwords for both hacks.
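The "Bottom line" advice for the LinkedIn case, sketched as an added example (not code from LinkedIn or from this article): a sign-up check that refuses the weak passwords cited above and stores accepted ones as salted scrypt hashes, a storage technique the article does not name. The denylist, the minimum length, the site word and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed denylist: the three passwords the article cites plus a few
# well-known weak choices added for this example.
COMMON = {"link", "1234", "work", "password", "123456", "qwerty", "letmein"}
MIN_LENGTH = 12                  # assumed policy value
SITE_WORDS = ("linkedin",)       # assumed: words tied to the service itself
N, R, P = 2**14, 8, 1            # assumed scrypt cost parameters


def rejection_reason(password, username=""):
    """Return why a password is refused, or None if it is acceptable."""
    lowered = password.lower()
    # Strip trailing digits/symbols so "Password1234" still matches "password".
    stem = lowered.rstrip("0123456789!@#$%.-_")
    if lowered in COMMON or stem in COMMON:
        return "commonly used"
    if len(password) < MIN_LENGTH:
        return "too short"
    # Passwords built from the account or service name are easy to guess.
    context = [w.lower() for w in (username, *SITE_WORDS) if len(w) >= 4]
    if any(w in lowered for w in context):
        return "contains the user or site name"
    return None


def hash_password(password):
    """Salted scrypt hash; returns salt + digest for storage."""
    salt = os.urandom(16)        # unique per user, so equal passwords differ
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P)
    return salt + digest


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare."""
    salt, expected = stored[:16], stored[16:]
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P)
    return hmac.compare_digest(digest, expected)   # constant-time compare


def register(password, username=""):
    """Refuse weak passwords at creation; otherwise return the stored hash."""
    reason = rejection_reason(password, username)
    if reason:
        raise ValueError(f"password rejected: {reason}")
    return hash_password(password)
```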
Burger King
In February of 2013, Burger King Twitter followers found out the chain had been sold to McDonald’s – or so they read. An advertisement for Fish McBites was tweeted and the Burger King logo disappeared and was replaced by the McDonald’s logo. For a little over an hour (until Twitter suspended the account), massively inappropriate and obscene tweets were posted, including tweets about “employees” doing drugs (with photos); too much drug use was cited as the reason why Burger King was sold. The company apologized for the incident later in the day, reports Time.
The problem and solution: Not protecting its Twitter account with a solid password and not monitoring the activity turned Burger King into a victim. Heavy security system monitoring, along with strong password implementation, would have gone a long way towards barring the breach.
Bottom line: Change the main Twitter account password often and make sure it is known to as few people as possible; ensure the password is strong. In addition, there are security monitoring companies that will watch all activity on all of your company's accounts 24/7; shop for one that fits what your company needs.
Home Depot
On September 8, 2014, Home Depot issued a statement to the public regarding a “payment breach.” The company reported that basically anyone in the U.S. or Canada who had used “a payment card” from April to September was subject to the breach. Roughly 56 million accounts were hacked.
The malware hack was perpetrated at the cash registers and tons of customer data was stolen. Recently the company admitted that it took nine months to detect the hack and stop customers’ accounts from being compromised.
The problem and solution: A major security data breach of this type should have been caught well before it was. It is painfully obvious that the company did not have enough security implemented to keep the intruders out; a hack of this magnitude shows the company had major security policy flaws.
Bottom line: Protect your customers with the highest data encryption possible using security encryption software and monitoring systems as mentioned previously. To gain back its customers’ trust, a company might offer lifetime identity security protection for credit cards and any payment profiles.
Note: Home Depot is now offering a free identity monitoring service to all customers who used any kind of payment card from April to September of 2014.
It’s time for companies to realize that it’s not enough to have basic encryption measures and firewalls as their main security tools. Cyber criminals are only getting better; it’s time for companies to look into the future to make sure that enterprise security solutions are in place so as to be one step ahead of a breach.