The Ashley Madison hack has impacted us all, account or no account. We're all vulnerable to having our private information stolen from any website and it's scary. Just because you didn't have an Ashley Madison account doesn't mean you're in the clear. What site will be hacked next? How can we protect ourselves from being hacked and how can companies increase their website security?
What We Can Learn From The Ashley Madison Hack
Ashley Madison was hacked by a group known as The Impact Team and more than 30 million people had their private information shared. The Impact Team claimed that the security for the website had always been weak, making it easy for them to obtain the personal information of its members. Private data including names, home addresses, search histories, and credit card numbers were obtained and shared online. (I'm sure you've heard all about Josh Duggar's account.) Unfortunately, we can't trust a website to be 100% secure. Our information is online and people are learning new techniques daily to hack into websites and steal data.
This happens to countless sites daily. Oftentimes it ends up being a case of identity theft. Hackers use others' personal information to obtain money or abuse their identity. People are now wary of putting their information online and I don't blame them. When any big-name site or company is hacked, I immediately worry. That's why we must take the initiative and do our best to protect our identities online and offline.
Managing our online data is extremely important. There are a few things you can do to protect your private information online.
For starters, sign up for identity theft protection so you're alerted immediately when your information is used. That way you can stop the thief as early as possible.
You may also want to use a password manager to keep track of all your passwords. Writing them down isn't a good idea because anyone could find the paper. Also, be sure to use strong passwords for all your accounts. Password1, 123Password and pet names are the go-to passwords and are immediately guessed by hackers.
Be sure to delete old profiles you no longer use so you don't have to worry about them getting hacked.
And be cautious about giving out your personal information so it doesn't get into the wrong hands. When purchasing something online, don't check the box that says "save my card information." If the site gets hacked and your credit card info is saved, then you're in double trouble.
So, what can companies do to protect their sites from being hacked?
Conducting regular security audits is a great place to start. Work with a professional to audit your IT infrastructure so you can determine what areas you need to secure further. Know what your assets are (in the Ashley Madison case one asset would be user information) and consider any possible threats against those assets. Then figure out how to protect against those threats. Be sure to analyze and document any decisions you make and implement the changes. Go back regularly to keep this up to date.
Companies can also hire a hacker to attempt to hack into the company so they can find vulnerabilities. Companies like Google hire full-time hackers (often referred to as ethical or white hat hackers) to find security flaws. Google can then up security for that vulnerability to prevent other hackers from getting in.
Starting with the basics, require specifics for users to sign up for an account. Require strong passwords: passwords should have 8-12 characters and include upper case, lower case, numbers and symbols. Also, implement multi-factor authentication. This can be implemented for employees as well.
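As an added example (not part of the original article), here is a small Python sign-up check that applies the rules above and also rejects passwords built on the go-to choices mentioned earlier. It assumes "8-12 characters" means a minimum of 8; the function names, the `personal_words` parameter and the short denylist are made up for illustration.

```python
import re

MIN_LENGTH = 8  # assumption: the article's "8-12 characters" read as a minimum of 8

# Constructed sample denylist. "password" comes from the article's own examples
# (Password1, 123Password); a real site would load a much larger list.
COMMON_BASE_WORDS = {"password", "qwerty", "letmein", "welcome"}

# The four character classes the article asks for.
REQUIRED_CLASSES = {
    "upper case letter": r"[A-Z]",
    "lower case letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def base_word(password):
    """Keep only the letters, lower-cased, so 'Password1' and '123Password'
    both reduce to 'password'."""
    return re.sub(r"[^a-z]", "", password.lower())


def check_password(password, personal_words=()):
    """Return the list of reasons a password is rejected (empty list = accepted).

    personal_words is a hypothetical hook for things the site already knows
    about the user (user name, pet name given in a profile, and so on).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)
    banned = COMMON_BASE_WORDS | {w.lower() for w in personal_words}
    if base_word(password) in banned:
        problems.append("based on a common or personal word")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs
    for candidate in ("Password1", "Password1!", "Rex2015!!", "tr4il-Mix_Okra"):
        print(candidate, "->", check_password(candidate, ["Rex"]) or "accepted")
```

Note that `Password1!` satisfies every character rule and is only caught by the denylist check, which is why the two checks belong together.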
Don't ask customers for information you don't need. If you don't need to know a user's birthday, don't ask for it. If you don't need to know their gender, don't ask. In the case that the company's site does get hacked, the hacker won't have all their personal information.
Back up the company's data. If the data gets destroyed, lost, stolen, etc., you'll want a copy so you aren't completely out of the game. If a hacker does break in, you may be able to shut down your site for a short period of time so you can get things back under control. If they've done some major damage, you can use your backup to get you back up and running.
The scary thing is, no one is safe from hackers. Anyone can learn how to hack and anyone can become a professional.
In 12 months, 110 million Americans had their personal information exposed due to hackers. That's almost the entire population of the east coast in the U.S. No one is safe from these hackers. That's why companies must take action and we, as Internet users, must take precautions as well. Do your best to keep your personal information private.
Do you have any tips for companies or other Internet users?