Last month, Yahoo announced that over 500 million of its user accounts had been hacked at the end of 2014. This is believed to be the biggest cyber security breach to date. Yahoo claims that the information was stolen by a “state-sponsored actor”, although haven’t said exactly how the data was extracted.
Details such as users’ names, email addresses and security questions are known to have been taken as well as passwords in a ‘hashed’ form. However, Yahoo currently believes that the perpetrators did not steal any credit card or bank details.
As a precaution, all users are being told to reset their passwords and security questions. Some are questioning why Yahoo failed to encrypt the security questions in the same manner as their passwords. It is worrying that these are so easily readable for hackers, and could allow access to other security systems that use the same questions.
This security breach has serious implications for Yahoo’s future, as their multi-billion dollar sale to Verizon is now in jeopardy.
The company’s reputation has also taken a serious hit. Users may now think twice before setting up or continuing use of Yahoo’s services. The trust has been broken between the consumer and provider, and has been pushed further apart by the fact that it took them two years to tell both users and the public of this security breach.
Data security is important for all business, big and small, and is also important for individuals. Data breaches can have catastrophic consequences and cause serious downtime.
With reports of smaller businesses increasingly being targeted by hackers, it’s important to make sure that you prevent any security breaches throughout your entire network. A breach could cause important information to be lost, but if you did not have sufficient data security protocols in place, your business could also suffer fines for non-compliance, disruption to your business and a loss of trust from current and potential customers that it could take years to recover from.
A risk assessment of your business’ infrastructure and its key business processes is the first step you’ll need to take when looking to improve your data security.
After this, you’ll need to develop a comprehensive data security policy, which should be disseminated to your employees and promoted by senior management. Employees should also be given training sessions on your data security policy, so that they fully understand it and the implications any breach of cyber security could have for your business.
Regulators require data policies as standard, but clients may also find comfort in the fact that you are doing all you can to protect their data.
Once your policy is in place, it’s important that you monitor all aspects of your system to make sure that your security system is working as it should. This includes things such as compliance monitoring, intrusion detection management and perimeter management. Control Esc do offer fully inclusive security packages, to ensure all these requirements are met.
Yahoo’s reputation has taken a serious knock after the announcement of this security breach. Will their reputation ever fully recover? Only time will tell. It’s a reminder to all of us that, with the ever-present threat of hackers, every business should have data security as a top priority.
Want to chat about your data security? Control Esc has security experts who would be happy to take your call — get in touch today on 02071003650.