How Would It Cost Your Business If This Happened To You?
Have you read the news? According to Reuters, Under Armour Inc., headquartered in Baltimore, Maryland, recently suffered a breach of the private information for their 150 million MyFitnessPal app users.
This is the largest breach this year according to experts. It included account usernames, email addresses, and passwords. Lucky for them, Social Security numbers, driver license numbers, and payment card data weren’t stolen like they usually are in data breaches of this kind.
Once again we learn that keeping up to date on cybersecurity, changing passwords often, and using an IT support provider to implement a layered approach to security is essential if you want your business to stay safe in today’s digital world.
Perhaps, if Under Armour had used these services, they could have prevented this breach. Now, their reputation has been ruined.
Would you trust your private data to them?
With so many data breaches today, they should have known better and considered the privacy of their customers. How can they salvage their creditability now?
As a business technology professional, I know that data protection costs much less than what I’d face from a breach – legal liability, fines, and lost customers.
With the rising number of cyber thefts, numerous lawsuits have been filed against businesses like Under Armour. In the last few years, data breaches have become so prevalent that it’s almost commonplace to hear that a company has been breached.
Learning that all their personal information is in the hands of thieves causes a significant change in the behavior of customers. One study found that consumers who learned of a data breach at their favorite retail store significantly cut back on their purchases.
With over 1,500 data breaches in 2017, consumers responded in this way:
I know that my business has the best cybersecurity and IT management that money can buy. I take full responsibility for this and all my customers’ private data.
After what I’ve learned, this is what I would tell the CEO of Under Armour, and others to do from now on:
Protecting your security isn’t only a job for your IT support provider but one for you as a CEO as well. You must understand that any interruption in your information systems can hinder your operations, negatively impact your reputation, and compromise your customers’ private data.
Many CEOs don’t fully understand this. They spend their energy developing new products and services and managing current ones. Security comes in second. Maybe they’re unaware of the risks or feel that it’s solely an IT concern. Some may not be very technical and fear to discuss what could be an intimidating topic, but this isn’t wise.
The Department of Homeland Security recommends five questions that CEOs should ask themselves to lower the risk of cyber attacks:
1) What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?
2) How is our executive leadership informed about the current level and business impact of cyber risks to our company?
3) How does our cybersecurity program apply industry standards and best practices?
4) How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?
5) How comprehensive is our cyber-incident response plan? How often is the plan tested?
We also need to train our employees on cybersecurity practices like recognizing phishing attacks and using secure passwords. The folks at OneSource handle this for us. Here are some of the topics they cover:
Lesson 1: Ignore Ransomware-Threat Popups and Don’t Fall for Phishing Attacks.
These threats look like they’re from an official entity like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, beware! If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it.
Watch out for messages that:
Don’t believe messages that contain an urgent call to action:
Be on the lookout for messages that:
Watch for flags like:
Lesson 2: Always Use Secure Passwords.
Lesson 3: Keep Your Passwords Secure
Lesson 4: Backup Your Data Onsite/Remotely and Securely
If you haven’t backed up your data, and you’re attacked, it’s gone forever.
Lesson 5: Secure Open Wi-Fi with a VPN.
We have our tech support professionals train our employees a few times a year because the threats keep changing. Plus, we have them conduct Vulnerability Assessments to make sure our cybersecurity “armor” stays strong and intact.
Don’t risk your data. Keep your data secure and your employees educated. I recommend that if you’re in an area they serve, that you should contact us immediately.