Business Data Breach - Lessons Learned from Yahoo

Yahoo’s deal with Verizon has gotten pretty sticky with the record-breaking haul of over 500 million password-protected Yahoo accounts by unknown assailants. Multiple lawsuits have been filed by Yahoo users concerned about the use of personal information and the risk of identity theft. As of today, it is uncertain whether the $4.8 billion deal will be lowered or Verizon will walk away from Yahoo altogether.

Fortunately for you, this is a case study of what not to do and will be setting a precedent of “who is responsible for what” when all the dust settles, if the Verizon-Yahoo deal moves forward.

“Data breaches on the scale of Yahoo are the security equivalent of ecological disasters,” according to Matt Blaze, Security Researcher with the University of Pennsylvania.

Data Protection Guidelines

Encrypt All Passwords

Yahoo claimed that a majority of their passwords were encrypted and believed they were difficult to unscramble. Guess what? They were not, and now, after two years of potential exposure, users are unsure about the safety of their accounts.

Ensure that your encryption is at the highest level possible by working with a cyber security expert to analyze your process and make recommendations.

Ensure Passwords are Strong

As the saying goes, “a long password is a strong password.” Most security experts are recommending 14 characters with a combination of lower and upper case letters, symbols, and numbers.

Formulate Cybersecurity Protocols, Policies, and Procedures

Make it mandatory that all employees change their password every 90 days. As soon as an employee is terminated, revoke all access to any of the company data, including their computer, cloud, and email system.

Train every employee on the three “Ps” and share with them the repercussions of violating said policies and procedures. For example, you have a policy that passwords may not be kept at their workstation or on an unlocked mobile device. If an employee is found to violate that policy, the first offense might be a written warning while the second one could be termination from the company.

Remind Employees About the Cost of a Breach

According to the IBM Security and Ponemon Institute 2016 Cost of Data Breach report, in many cases the cost of reparations for a breach is $158 per record, which, in Yahoo’s case, would be $79 billion!

It is important that all employees understand the measurable impact of a breach, including lost confidence in the business and lost employee productivity due to inaccessibility of the data.

Be Transparent

Even with all these measures, it is still likely your company will experience some sort of data breach. Unlike Yahoo, who may have held this breach information for 2+ years, share with employees, vendors, and customers the pertinent issues about the breach and the company's plan to protect their data in the future.

Hartford Technology Rental Understands Your Business Needs

Contact us at 888-520-5667 and we will provide the right rental solution for your organization. In addition, all our rentals have up-to-date antivirus software to help safeguard your data from cyber criminals!