The news that Yahoo was hacked and over a half-billion users’ information exposed is only the latest and most extreme case of system intrusion for the embattled company. Yahoo had security problems for years, it was the subject for a 2010 hack, and has not done enough about it. Yahoo was slower to invest in the kinds of defenses necessary to thwart sophisticated hackers that are now considered standard.
Reasons for not shoring up their security systems are familiar to most businesses: costs and difficulty and/or unwillingness to compel users to improve their own online hygiene — they didn’t want to deal with the inconveniences of cybersecurity. Now the company gets to deal with the inconveniences of a large hack and the associated costs, which will affect their reputation as well as their bottom line. Yahoo is facing several class-action lawsuits over their numerous breaches.
Some basic steps that SMBs can that Yahoo did not:
- Encryption – When encryption is done right security will be greatly strengthened with little inconvenience to users. And businesses will still have the ability to index and search message data.
- Intrusion detection – Services like Advanced Threat Assessments will help identify the presence of a previously unknown intruder or malware and give you a complete roadmap to implement additional security controls to better be able to resist and respond to future attacks.
- Proper password policies – Following best practices for password management isn’t an inconvenience to users. What is an inconvenience is having their personal information stolen.
- Involve everyone in the company in cyber awareness, from C-level execs to third-party contractors – Former Yahoo employees have complained about a disconnect between CEO Mayer and the security team.
- Make Cybersecurity a priority, not a second-thought – Cybersecurity isn’t glamorous, it isn’t always outwardly visible benefit to clients, but, trust us, it pays off in the long run. A breach could cost you hundreds per lost record, not to mention serious damage to your reputation.
We understand that each business has a different risk tolerance and budget. ACE IT Solutions has cybersecurity solutions to meet each client’s specific needs. Contact us using the form below to schedule a complimentary security consultation. Our cybersecurity experts can make sure you have the proper solutions in place to protect your systems against hackers.