Jesse Willms: We Protect Our Customers’ Data

Posted by Jesse Willms on May 06, 2011

I’ve spoken before about the need to have a system in place that protects your customers’ private data. This is a mission-critical objective – yet one that many companies ignore, because they don’t think they will ever become a victim of a malicious or criminal hacker attack.

They are wrong. Everyone is vulnerable – unless you take the proper steps to protect yourself, your company and your customers.

I was reminded this week when I read about the leak at LastPass. For those of you who don't know, LastPass is a password manager, delivered as a browser plug-in, that stores all of your site passwords in an encrypted vault on its servers, protected by a single master password.

That way, when you go to a site you've registered for, you don't have to remember that site's password every single time. You unlock the vault once with your master password, and the plug-in signs you in automatically. It is a very convenient service for its customers.

But this week, LastPass reported unexplained network traffic leaving its systems, and it is treating the event as if attackers had taken the email addresses and salted password hashes of its members. Those hashes are not reversible, but they do not need to be: whoever holds them can try guesses offline at full speed, and a short or common master password will fall quickly to a dictionary or brute-force run.

All LastPass can do now is ask its customers to change their master passwords, and hope and pray that whoever has the stolen data doesn't crack a weak master password and empty a bank account before the new password is in place.

This will hurt not only LastPass itself; it could also cause serious financial damage to its customers. If nothing else, LastPass' reputation will be tarnished for a long time.

The thing is, this could have been both predicted and prevented. Hackers have long shown that one of their main goals is to get email and password information from sites. Just a few months ago, hackers stole the email addresses and password hashes of more than a million people who had registered for Gawker Media sites, and because Gawker had hashed them with an old, fast algorithm, a large share of those passwords were cracked within days.

What happens once, history proves, will almost always happen again. Firewalls and strict network segmentation are the first layer: they limit who can reach the systems that hold the data. But you must assume that the database will one day be copied anyway, so the passwords in it have to be stored in a form that cannot be brute-forced cheaply. That means never storing a password or a plain hash of it, but a salted hash computed with a deliberately slow function such as PBKDF2, bcrypt or scrypt, so that every guess costs the attacker real time.
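To make the difference concrete, here is an added example (my own illustration, not code from LastPass or from this post) that puts an unsalted SHA-1 store beside a salted PBKDF2 store. The wordlist, the iteration count and the record format are assumptions chosen for the demonstration; the point is that the weak record falls to a six-word dictionary instantly, while each guess against the PBKDF2 record costs tens of thousands of times more work.

```python
import hashlib
import hmac
import os
import time

# Constructed sample wordlist: the sort of short dictionary an attacker tries first.
WORDLIST = ["password", "123456", "letmein", "qwerty", "monkey", "dragon"]

# Assumed work factor; raise it over time as hardware gets faster.
PBKDF2_ITERATIONS = 100_000


def weak_hash(password):
    """The 'before': one unsalted SHA-1, reversible by table lookup or a fast dictionary run."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_weak(stored, wordlist):
    """Offline dictionary attack against an unsalted hash. Returns the password or None."""
    for guess in wordlist:
        if weak_hash(guess) == stored:
            return guess
    return None


def make_record(password, iterations=PBKDF2_ITERATIONS):
    """The 'after': a per-user random salt plus a slow PBKDF2-HMAC-SHA256 derivation.

    Record format (assumed for this example): algorithm$iterations$salt_hex$hash_hex.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify(password, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _algo, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def cost_ratio(record, trials=2000):
    """How many times slower one PBKDF2 guess is than one unsalted SHA-1 guess."""
    _algo, iters, salt_hex, _dk = record.split("$")
    salt = bytes.fromhex(salt_hex)
    t0 = time.perf_counter()
    for _ in range(trials):
        hashlib.sha1(b"guess").hexdigest()
    per_weak_guess = (time.perf_counter() - t0) / trials
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"guess", salt, int(iters))
    per_slow_guess = time.perf_counter() - t0
    return per_slow_guess / per_weak_guess


if __name__ == "__main__":
    stolen = weak_hash("letmein")
    print("unsalted SHA-1 cracked to:", crack_weak(stolen, WORDLIST))
    rec = make_record("correct horse battery staple")
    print("verify correct:", verify("correct horse battery staple", rec))
    print("verify wrong:  ", verify("letmein", rec))
    print("PBKDF2 guess costs %.0fx a SHA-1 guess" % cost_ratio(rec))
```

Two details matter as much as the slow function: the salt is random per user, so two users with the same password get different records and a precomputed table is useless, and the comparison uses hmac.compare_digest so that response timing does not leak how many bytes of the hash matched.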

Finally, you need to monitor your site traffic so that you become aware of unusual patterns, for example a database server that suddenly sends far more data than it ever has, or sends it somewhere it has never talked to before. That kind of anomaly is exactly what tipped off LastPass, and it is the signal you want to alert on and block before the data is gone.
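As an added example of that kind of monitoring (my own illustration, not LastPass' detection or anything from this post), the following Python builds a per-host baseline from a few hours of constructed hourly flow records and then raises an alert when a host either talks to a destination it has never used or moves more than a multiple of its largest training-hour volume. The log format, host names, the 203.0.113.77 address and the five-times threshold are all assumptions for the demonstration.

```python
from collections import defaultdict

# Constructed sample flow log (not real traffic): one line per hourly aggregate,
# "hour source destination bytes_out". db01 normally sends ~100 KB/hour to app01;
# in hour 04 it pushes 9.8 GB to an outside address it has never contacted.
SAMPLE_FLOWS = """\
2011-05-03T00 db01 app01 110000
2011-05-03T01 db01 app01 98000
2011-05-03T02 db01 app01 125000
2011-05-03T03 db01 app01 102000
2011-05-03T00 app01 web01 820000
2011-05-03T01 app01 web01 790000
2011-05-03T02 app01 web01 910000
2011-05-03T03 app01 web01 870000
2011-05-03T04 db01 app01 115000
2011-05-03T04 app01 web01 860000
2011-05-03T04 db01 203.0.113.77 9800000000
2011-05-03T05 app01 web01 1200000
"""

# Assumed training window: the first four hours are taken as "normal".
TRAIN_HOURS = {"2011-05-03T00", "2011-05-03T01", "2011-05-03T02", "2011-05-03T03"}


def parse_flows(text):
    """Parse the assumed whitespace-separated format into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        hour, src, dst, nbytes = line.split()
        flows.append({"hour": hour, "src": src, "dst": dst, "bytes": int(nbytes)})
    return flows


def build_baseline(flows, train_hours):
    """Per source host: the destinations seen and the hourly outbound totals during training."""
    hourly = defaultdict(lambda: defaultdict(int))  # src -> hour -> bytes
    dests = defaultdict(set)                        # src -> {dst}
    for f in flows:
        if f["hour"] in train_hours:
            hourly[f["src"]][f["hour"]] += f["bytes"]
            dests[f["src"]].add(f["dst"])
    return {src: {"hourly": list(h.values()), "dests": dests[src]} for src, h in hourly.items()}


def detect_anomalies(flows, train_hours, volume_factor=5.0):
    """Return (hour, src, kind, detail) alerts for post-training hours.

    kind is "new_destination" for a never-seen peer, or "volume" when an hour's
    outbound total exceeds volume_factor times the host's largest training hour.
    """
    base = build_baseline(flows, train_hours)
    alerts = []
    hourly = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f["hour"] in train_hours:
            continue
        hourly[f["src"]][f["hour"]] += f["bytes"]
        if f["src"] in base and f["dst"] not in base[f["src"]]["dests"]:
            alerts.append((f["hour"], f["src"], "new_destination", f["dst"]))
    for src, hours in hourly.items():
        if src not in base:
            continue  # host with no baseline; a separate "unknown host" rule would cover it
        threshold = volume_factor * max(base[src]["hourly"])
        for hour, total in hours.items():
            if total > threshold:
                alerts.append((hour, src, "volume", total))
    return sorted(alerts, key=lambda a: a[:3])


if __name__ == "__main__":
    for alert in detect_anomalies(parse_flows(SAMPLE_FLOWS), TRAIN_HOURS):
        print(alert)
```

The baseline is deliberately simple (largest training hour times a factor) so that a normal bump, like app01's busier hour 05, stays quiet while a database server exporting gigabytes to a new outside address trips both rules at once. In production the same two checks would run against flow exports or proxy logs and feed a block on the egress firewall.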

Doing so will cost your company some extra money in the short term, but it will protect your reputation and your customers for years to come.