7 questions to ask yourself as a business owner after 150 million individuals have their data leaked
150 million individuals have had their data leaked by a fitness app. Data leaks are a common problem that shows no sign of stopping. Each time, people, companies and governments lose more money and time fixing, patching, strengthening and working out why it went wrong this time.
Let’s look at the positives of the latest data breach
- The data breach was reported to all users within 4 days of the hack being discovered, and that was only a month after they believe it occurred
- The passwords were all stored using encryption, although some of the encryption was at a lower level than it could have been.
- Only usernames, emails and encrypted passwords were exposed; no personal information such as date of birth, credit cards, height or weight.
Under Armour (who own the MyFitnessPal app) have yet to confirm the cause, although speculation is that it was due to a user clicking an infected email attachment. User training on security is becoming more and more important: if you don’t have a training program for your team that is run at least annually, you are putting your customers at risk. As firewalls, antivirus and spam detectors have become more robust, hackers are also adapting, with more and more elegant and creative ways to get the link to the user.
Things to think about as a business
- If you allow any (and we mean any) employee to connect their own device to your wifi, is that wifi separate from the corporate network?
- If you have any corporate mobile devices, are you monitoring the patch, firewall and antivirus status of the devices? What access to other physical ports is allowed?
- What intelligent devices do you have on your network that are connecting and talking with the outside world? Are they on a separate network?
- Are there any physical network cables or ports in public places? Are they disconnected or protected?
- How are you monitoring the training of staff on their security awareness? Is cybersecurity awareness part of a new starter’s induction?
- Consider unwanted people who might enter the building. Are staff aware of which doors should be kept closed?
- How would you detect a data breach?
If you don’t have the answer to these 7 questions, our security consultancy services are available to assist.