The recently hacked Ashley Madison website (which makes it easy to cheat on your partner) is simply the latest case of a big worldwide company having confidential data stolen. It’s a trend that shows no signs of subsiding, so it would be foolish to not pay attention to it. There are many things that your business should learn about security from this scandal. Here are the most important takeaways from the Ashley Madison hack that we at Sensible believe every Australian company should take note of.
You would probably tell your clients that their information is secure, but just about every company makes that claim. One of the biggest mistakes made by Ashley Madison was the failure to know if its data was truly secure. The company publically lauded its security, but it now seems like those claims were rather hollow. In fact, it appears as if no one at Ashley Madison knew a whole lot about its security practices until the damage had been done.
You should not simply pass off your business’s security to the IT department. Being involved will allow you to see how it works. You don’t need to be a tech expert to understand
how your data is being secured. Your security provider, whether it be in-house or via a managed services provider, should be able to explain security practices in layman’s terms. This will allow you to ask questions and be proactive because chances are if you see a weakness, others will notice it as well.
Another takeaway from this scandal was the fact many employees, both from private companies and government offices, were using business email accounts to sign-up for Ashley Madison whilst also using office Internet connections to access the site. Putting the ethical questions aside for a moment, public sentiment is undoubtedly negative and companies with employees who used Ashley Madison at work have been exposed to the scandal’s backlash.
By placing the appropriate email and Internet security solutions in place at your business, you can reduce the amount of risk your company is exposed to by employees. No one really wants to put restrictions on their employees’ Internet and email access, but it is important to be smart. Being connected to scandals like this can bring unwanted publicity to your business. Worst of all, your employees might not even realise they are putting your company in harm’s way when they access this type of content at work.
As the Ashley Madison case has shown us, massive data theft or loss can be the end of your business. When clients trust your business with their data, they are confident in your ability to protect it. Of course, things do happen and if your data does go missing, it’s important to have a plan of action ready. While it’s unlikely your company’s data breach is unlikely to garner the mass attention like Ashley Madison, it means a whole lot more to you, your company and your employees. Just because your company isn’t big doesn’t mean it’s invincible.
A disaster recovery plan can help your company ensure it has backups and even backups of your backups. If you believe your data has been stolen by hackers, it is important to act immediately. You’ll need to quickly assess what information has been stolen and inform the appropriate parties so they can take the necessary steps to protect themselves. From there, you will want to re-secure your company closing any security loopholes that have been found. Finally, access your backups and make sure your business continues to operate as close to normal during the crisis.
The hackers who stole 36 million records from the Ashley Madison site, published all the records for everyone to see. This is a bad one.
Cyber criminals are leveraging this event in a lot of different ways: email phishing attacks, dodgy websites where you can "check if your partner is cheating on you", or ways to find out if your own extramarital affair has come out.
Any of these 36 million registered users are now a target for a multitude of social engineering attacks. People that have (had) straight or gay extramarital affairs can be made to click on links in emails that threaten to out them.
We have seen phishing emails that claim people can go to a website to find out if their private data has been released. Phishers and blackmailers are now gleefully rubbing their hands, let alone the divorce lawyers and private investigators that are pouring over the data now.
Worried about your security? We can show you how to protect yourself. Contact us today at Sensible on 1300 SENSIBLE (736 742) for more information on how to keep your company safe.