Home Depot announced on Thursday that hackers who stole 56 million customer credit and debit card accounts also made off with 53 million customer email addresses. Home Depot stressed that the files containing the stolen email addresses did not contain passwords, payment card information or other sensitive personal information. However, that will not stop cyber thieves from trying to steal that information directly from customers by way of phishing attacks.
An example would be a Home Depot “survey” that offers a gift card for the first 10,000 people who open the virus-laden attachment. If someone in your business opens one of these attachments, it could expose your entire business to whatever virus or malware is contained in the phishing email.
In other cyber security news: The U.S. Postal Service today announced a breach into its information systems. Cybercriminals stole personal information from about 500,000 USPS employees as well as data on customers who contacted its call center from January through mid-August. USPS said its transactional revenue systems in post offices as well as on usps.com have not been affected by the incident, and there is no evidence that any customer credit card information from retail or online purchases was compromised. But all the cyber crooks need is an email address to launch a very effective phishing campaign.
The Associated Press today reported U.S. Computer Emergency Readiness Team (CERT) data revealed the number of reported breaches just on federal computer networks rose from 26,942 in 2009 to 46,605 in 2013 — 21% of those breaches can be traced to human error (i.e. successful phishing attacks).
Businesses must be prepared to defend themselves against cyber attacks and employees are the first line of defense. Teaching employees to be aware of an organization’s security requirements can be one of the most effective ways to enhance your company’s overall security posture. Employees are a key link in the security of a business’ technology infrastructure and company data. Without end-user training on security best practices and policies, it is impossible to secure your information resources or ensure data privacy.
Contact ACE IT Solutions at 646.558.5575 to schedule employee security awareness training and get a free copy of our Safe Internet Use Manual for your employees.