How to best respond to a data breach
Did you make a resolution to join a gym in 2019? That’s probably the generic go-to pledge. If you did, however, and if you ever bought equipment from Bodybuilding.com’s online store, your data might have been put at risk. We often see how an organization’s employees can be the weakest link in the security chain, and that seems to be the case here as well. Phishing scams only take one person clicking to work, giving hackers illicit access to IT systems.
At the very least, organizations are becoming more aware of this type of weakness in greater numbers. According to a 2018 survey from Dark Reading, polling around 300 IT and security leaders, more organizations expect to encounter data breaches in 2019 than in the previous study. Specifically, when weighing the threat between internal and external factors, 61% of respondents believe negligence from an end user or employee will be to blame. Clicking on a phishing scam, for example, would qualify.
The survey concludes that more companies are concerned about their breach vulnerability than ever before. However, it is important to consider that these concerns are born from heightened awareness, which is a positive. More headlines mean more executives and their security teams paying attention to this critical area of data protection. Hand in hand with this attention should also come better knowledge and efficiency—ideally. Unfortunately, on this front respondents expressed a lesser confidence. The numbers on how many think their organization’s employees and managers are security-savvy were lower than in 2017. In fact, they go so far to say managers might even be getting worse at understanding the impact of breaches to a business.
Concerning Bodybuilding.com, they have actually responded quite appropriately to their situation. Other breached companies should take note. For starters, they notified all their customers, despite not having confirmed whether any customer data was stolen. Extra cautious, they also reset user passwords. Bodybuilding.com also adhered to the tenet of eschewing collection of superfluous data for data’s sake: as a result, no Social Security numbers or card information is at risk. Last but not least, they have apparently gone the extra mile to warn users of phishers possibly imitating these data breach disclosures in order to access more valuable information.
More organizations expect to be breached this year, states the survey. When they are, and even before then, they should take care to follow similar practices as these, to mitigate the damage both to their customers and themselves.