News that 500 million Yahoo account holders had their data stolen in 2014 is definitely bad for those who use the email service, but it’s also of concern to businesses because of bad habits and what could happen in the aftermath of the breach. The news is bound to stimulate more dark activity and makes a layered approach to security, including password management best practices, more important than ever.
Cybercriminals will look upon the Yahoo breach as a further opportunity to do harm, and security experts predict a wave of phishing activity related to the breach. Yahoo’s own emailed instructions to users on securing their accounts may unwittingly have provided fodder for subsequent scams by instructing users to log in to their accounts via a link in the email. Phishing scams may emerge that resemble the email and send people to a fake Yahoo-branded web page where they will unknowingly give up their new password.
Managing multiple accounts is cumbersome, and many people use the same password for all their accounts, whether they are personal or business-related. Since the breach occurred in 2014, who knows how widely the information has already been sold on the cyber black market and how it might provide access to business data and networks? If the predicted wave of phishing emails reaches people through their work email, they may not consider it peculiar, and they may click a link thinking they are taking a positive action instead of opening up their corporate network to cybercriminals.
Small and medium-sized businesses do not think they will be the target of a cyberattack, despite the prevalence of cybercrime stories in the news and from people they know in their communities. Many companies have not taken the threat of a cyber invasion seriously enough to allocate the resources needed to implement adequate policies, procedures and training to thwart an illegal entry. Unless they are educated about what to look for and how to respond, trusting employees are weak links in their company’s layers of defense.
Use the news of the Yahoo breach as an opportunity to teach employees about good password management. Passwords should not be shared between personal and business accounts, and beyond that, each account should have its own unique password. Long passwords that contain a combination of letters, numbers and special characters are harder for automated systems to crack than shorter passwords. Never insert your personal information, such as your birthday or a piece of your address, into a password. Consider using a password manager where you need just one master password.
Training employees to have good cybersecurity behavior, such as good password management practices, is essential to any company's security strategy. The technical aspects of cybersecurity - firewalls, intrusion detection systems, malware scanners, and anti-spam protection - make up other important layers of a comprehensive security approach.
For Thriveon, security is one of the seven essential facets of an effective IT strategy. If you have never had a business and IT strategy conversation with your IT support company, then it might be a sign that you have outgrown their services. Contact us to request a meeting to explore how what we do might be a fit for your business.