New reports of a major data breach—this time affecting an estimated 1.2 billion usernames and passwords and 500 million emails—are yet another wake-up call that small companies can’t afford to take their data security lightly. The breach was uncovered by Hold Security, a Milwaukee information security and investigations firm. Hold discovered that Russian hackers broke into easy-to-compromise computer systems of an estimated 420,000 web sites around the world, including those of Fortune 500 companies and small businesses, Alex Holden, the company’s CEO, told The New York Times. “And many of these sites are still vulnerable,” he added.
Early reports suggest the hackers have mostly used the usernames and passwords to send spam out on social-media accounts such as Twitter, but such a breach could certainly lead to more serious types of fraud.
To thwart such attacks, business owners need to do all they can to secure their websites and customer information. Businesses that store any kind of confidential or sensitive consumer information—whether passwords or credit card numbers—need to be aware that hackers have them in their sightlines. “Companies that rely on user names and passwords have to develop an urgency about changing this,” Avivah Litan, a security analyst at research firm Gartner, told the Times.
So what can your business do? CIO.com offers 15 cybersecurity tips for businesses and ecommerce operators, including these three keys:
Don’t store more customer data than you need.
There’s often no reason to keep credit card numbers and other sensitive customer information just to have it on file. Make it a policy to purge customer records from your system once that data is no longer relevant or needed for the business at hand. “The risk of a breach outweighs the convenience for your customers,” Chris Pogue, director of Digital Forensics and Incident Response at Trustwave, told CIO.com. “If you have nothing to steal, you won’t be robbed.”
Put the right technologies in place.
First and foremost, make sure you have a firewall protecting your network. Require strong passwords, and even two-factor authentication, to access sensitive information. Use cyber-protection software that hunts for viruses and malware on your web site and as you search the web. Apply patches to your software regularly.
Train your employees to thwart attacks.
Many breaches (including the Target breach last fall) occur because employees unintentionally and unknowingly hand over sensitive business information to a hacker presenting themselves as a reputable person in need of information, or because they click on malicious links sent to them via email. Supply your employees with best practices—such as using strong password protections and secure networks when working remotely—whenever they use personal devices such as smartphones or laptops for work. Training employees on how to look for—and avoid—such breaches can protect a business from being the next victim.