Over the past two weeks, we’ve talked about 2013’s Target hack. If you haven’t read those blog posts, go check them out now! Today, we’re talking about what we’ve learned from the Target hack and how we apply it to our security measures.
The first issue in this incident was the HVAC contractor losing login credentials to the hackers. This is why we protect passwords and login information so vigilantly. At Sterling Ideas, we provide our clients with password managers, we educate staff about phishing, we provide anti-phishing tools, and we ensure that passwords meet certain security requirements. Your passwords protect your information, so we protect your passwords.
Once the hackers gained access to the contractor’s systems, they had access to Target’s payment systems. That’s a problem. Target’s systems should have had more protections. At Sterling Ideas, we implement multi-factor authentication protections to add another layer of security to logins. We also segment our clients’ networks. What exactly does that mean? In short, we put different systems on different networks so that if one system is compromised, the incident is contained to that specific network and cannot spread to other systems. So, in the worst case scenario that a system gets hacked, the damage is as contained as possible.
Lastly, the systems that were used as drop points for the stolen information should have been monitored more closely. At Sterling Ideas, we have antivirus and advanced threat detection systems that are constantly searching out unwarranted activity in ours and our clients’ systems and immediately alert us to any unknown activity. Criminal activity should never go undetected.
It may be slightly disconcerting to you to read that Target was not the only company with less-than-stellar security in this incident. Never make the mistake of thinking that your company is too small to be hacked. It’s just not true. If you’re not the Target of the hack, you could be the contractor or the drop point. If you have data, the means to store data, or an access point to data, you need some serious security.
We can help. We want to see your business flourish. We want to see your information protected. That can only happen if your systems are protected. We study incidents like these and apply what we learn to our systems to protect you against events like this. Call us today, and we’ll get started.