If you were asked to log back into your Facebook account last week, you’re not alone.
Close to 100 million users were logged out of their accounts as Facebook frantically tried to control a data breach that compromised 50 million accounts worldwide. Hackers exploited loopholes in Facebook’s ‘view as’ feature, and were able to gain control of a number of profiles equal to the population of South Korea.
The extent of the hack was hardly played down, even by Facebook’s vice president of global marketing solutions, Carolyn Everson, who called it “a sophisticated attack”. Facebook has since confirmed that its COO, Sheryl Sandberg, and founder-CEO, Mark Zuckerberg, had their accounts compromised, such was the breadth of the attack. It emerged days later that the hack was worse than first detailed by Facebook: it also included users’ data from Instagram and third-party log-ins that use Facebook authentication.
Everson likened the attack to an “odorless, weightless intruder that walked in” which Facebook was only able to detect – and take subsequent safety steps – “once they [hackers] made a certain move.”
Concluding her public remarks, Everson said that the hack represented “[a] significant cultural shift: Recognizing our responsibility, taking very specific actions and doing everything we can.”
These final remarks are among the most important takeaways: a top executive at a tech giant housing petabytes of personal data from its two billion daily active users recognizes that a major data breach could potentially be fatal, even for the biggest of social media sites. The ‘cultural shift’ she refers to is a thinly veiled nod to the fact that hackers represent one of the most existential threats to businesses that are responsible for keeping their customers’ data secure.
Whether your IT systems house data for two billion people or twenty, it remains your responsibility to make sure that the doors to that house remain as close to impenetrable to intruders as possible. Likewise, if your organization becomes complacent about its IT security, you’re taking a massive risk with equally large consequences.
It’s an old adage at this point, but remains true: it takes years and years to earn the trust of your customers, and just milliseconds to lose it when your systems become compromised.
In 2018, when thinking about data breaches, it’s not a matter of ‘if’ but ‘when’.
Luckily, ISO 27001 provides a set of procedures that recognizes right off the bat that no system – no matter how large or advanced – is ever perfect; this is especially true in our rapidly evolving technological environment. We’ve made a short video that provides an overview, as well as some of the benefits of implementing a quality management system that aims to improve the effectiveness of your online security.
Perfection – whatever the context – is never easily achieved. Unfortunately, in this day and age, perfection in data protection is never achieved at all. Accepting that is by far the best way to approach your IT systems. You may wake up on a Monday morning having one of the most effective means to combat data compromises, but by Tuesday morning, hackers may have already created a way to bypass your security measures.
ISO quality management systems are rooted in the belief that there’s always room for improvement. The more work you put into your security system, and the more time you invest in updating that system regularly, the more comfortable you can be with your expanding business as it collects data from customers that they intend to keep between them and your business; hackers need not apply.
We’ve talked previously about reverse-engineering success in both your personal and professional endeavors, as well as starting with your “why”. If you apply the same line of logic to your security procedures, when your business collects personal data of your customers – and most do – part of your core purpose, or ‘why’, needs to be committed to protecting the integrity of this data.
Matt Groening once wrote: “If you do it right, people won’t be sure you’ve done anything at all.” In terms of internet security, this quote remains one of the most relevant.
Don’t let complacency or a lack of understanding in regard to your online security be the downfall of your business. Check out how working with us and implementing an ISO 27001 system in your business could be the key ingredient in keeping your business – and the integrity of your valuable customers’ data – safe and secure in the predatory online landscape.