By now you may well have heard about the horror show that is the Yahoo data breach.
While at one time, hacking was largely a thing you saw in films, it seems that cybercrime is becoming part and parcel of just about every walk of life these days. Just this month, Russian hackers broke into the World Anti-Doping Agency website and released confidential files of 25 Olympic athletes.
This Yahoo breach, however, is on a somewhat larger scale.
What is the Yahoo data breach?
After much speculation, online giants Yahoo recently confirmed that their databases, which contain user data, had been hacked back in 2014. However, the potential damage was much worse than was previously thought, with at least 500 million user accounts potentially at risk.
Here’s what the company had to say:
“We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored act. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored act is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.”
What to do if you’re a Yahoo member
If you have (or have ever had) a Yahoo account, here are some steps you can take to safeguard your data now and in the future…
- Change your passwords – do this across everything, not just your Yahoo account, just to be on the safe side.
- Clear out your emails – don’t have any information in any of your folders you don’t want people to see.
- Be extra vigilant – if you see any potential scam emails, then just delete them.
Advice for companies on avoiding a data breach
For companies who exist on the internet in some way (so pretty much all of them), the Yahoo data breach is a reminder of the very real dangers of cybercrime. Here are some tips for businesses who want to beef up their online security and help guard against a similar cyberattack.
We all know how important having passwords for all our online accounts is, but we still need to ensure we use them correctly. According to this infographic, 21% of us use passwords that are over 10 years old, and we’d wager most people use passwords that are repeated across several websites.
Obviously this isn’t good practice, so ensure passwords are regularly updated and difficult to guess, and don’t use the same one for several sites. Using a password management system such as LastPass or OneLogin can help you keep them all safe and secure so you don’t forget them.
Switch to Gmail
While most email providers put adequate steps in place to combat hacking and cybercrime, it’s often sensible to go with the big mail providers such as Gmail or Apple. Granted, they’re not invulnerable, and they may be a bigger target for hackers, but they’re much better placed to deal with such attacks.
Add an extra layer of authentication
If you’re concerned that passwords aren’t enough to keep your data safe, many websites and companies offer two-factor authentication (2FA). With 2FA you have to provide a second form of authentication, in addition to your password, to prove you’re authorised to access the information. This website lists the various sites that provide 2FA.
You can also add an extra layer of encryption to your emails using a PGP key so that only the intended recipient can decrypt your emails, and of course you should already have things like antivirus and firewall software in place.
Update apps and software
Changes and updates are made to apps and software all the time, and part of the reason for this is to guard against new security threats, so ensure that all of yours are running the latest version.
Back everything up
Storing all of your company’s data and information in just one place is asking for trouble. If your employees work on computers, then ensure they back everything up to a cloud-based service, such as Dropbox or Google Drive, so it can be easily recovered.
For the most important of data, use a USB stick or external hard drive and lock it away somewhere safe.
Training your staff is essential
According to the Department for Business, Innovation and Skills’ 2015 Information Security Breaches Survey, 50% of the worst security breaches at work are the result of human error, complacency or lack of knowledge.
Vigilance is needed at all times from every member of your staff, so ensure they’re well trained and clued up on best practices and how to identify potential breaches. Understanding the threats is a huge part of learning how to beat them.