A new day, a new data breach. Each one seemingly worse than the one before it. And while we’ve had our share of shocking data breaches, two of the biggest data breaches of recent years can teach us valuable business lessons on how to manage them.
Every digital property is a potential target for a data breach. But, as these examples teach us, how a company manages a security incident makes all the difference.
Although Yahoo’s has had a few data breaches in recent years, it took them years to report them to the public. And even longer to acknowledge the breadth of the breach. Yahoo users had no idea that their information had been floating around the web for years.
Breaches that took place back in 2013 and 2014 didn’t come to light until 2016 and 2017 and were only disclosed when Yahoo was being acquired by Verizon.
Yahoo took a major hit on customers’ trust. Not only because they didn’t disclose the breach promptly, but because it didn’t address the vulnerabilities, allowing hackers to get back in.
If your company finds itself victim of a data breach: 1. Close the breach ASAP 2. Find the core vulnerability and protect it 3. Get your PR team involved 4. Let all users know what happened and how you’re going to protect their information moving forward.
On the flip side, Gmail experienced a sophisticated data breach in 2017 that could have been catastrophic – but was exquisitely managed.
In May 2017, Gmail users received an email from a trusted contact asking them to check out a Google doc file. Clicking on the link took them to a real Google security page, where users were asked to give permission for the fake app to manage users’ email account.
Once it was in, the worm sent itself out to all the affected users’ contacts — Gmail or otherwise — reproducing itself hundreds of times any time a single user fell for it.
The vulnerability was only exposed for about an hour, affecting “fewer than 0.1 percent of Gmail users” according to a Google spokesperson – which would still be about 1 million of the service’s roughly 1 billion users worldwide.
The Gmail team disabled the malicious accounts and pushed security updates to all users. And started talking to media. They not only disarmed a situation that could have exposed sensitive information of millions of users but were honest about what had happened. They made the media their allies to increase brand trust, turning a vulnerability into an opportunity to show how they take care of their users.
The best way to protect your business from a data breach is to take care of your database health. Contact us today for a free database evaluation!