How To Prevent Data Breaches


The recent catastrophic data breach at Target has highlighted to businesses large and small the very real problem of cyber-attack on modern commerce. To further add to Target’s woes, their breach notifications to customers were a perfect example of what not to do and were wrong on pretty much every level.

Users are forever being warned not to click links in email messages which appear to be from large financial institutions and the like. These are often phishing scams, and in the wake of a really monumental data breach they will often appear in droves. Many actually look legitimate and very convincing, but security experts insist that a reputable company would not send out such emails to its clients with a request to click on a link. Unfortunately, Target did exactly that.

Their email actually went out to people who were not even Target customers, making it look even more dubious. Suspicions were further aroused by the use of a shady-looking subdomain, “target.bfi0.com”, and by requests for users to click on a link that appeared to be a string of random gibberish. Furthermore, the email address used to send out the mailshot looked suspicious in the extreme. In short, this perfectly genuine breach notification email sent out by Target could easily be mistaken for a well-executed phishing attack. Consequently, Target is now struggling to rebuild not only its customer trust but also its own credibility.

Learn from Target’s catastrophic error of judgment and don’t make the same mistake if your company is ever in the unfortunate position of having to notify customers of a security breach. Your notification email should originate from a domain that is instantly recognisable as your company. For example, my Web domain is “theladywriter.co.uk”, so my notification email would be sent from “relevantaddress@theladywriter.co.uk”.

The notification should state clearly what has occurred and offer a simple explanation as to what information has been compromised. You should advise customers as to what they should do to determine whether or not they have been affected and how to protect their personal data. By all means offer a telephone number for customers to call for reassurance and further information, but under no circumstances include a link that customers are expected to click on.
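The two rules above (a sender address on the company's own domain, and no clickable link anywhere in the body) can be checked automatically before a notification is sent. The following is an added example, not part of the original article; the function name, the sample drafts and the exact-match domain rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches explicit URLs, bare "www." hosts and HTML anchors in a body part.
LINK_RE = re.compile(r"\b(?:https?://|www\.)\S+|<a\s[^>]*href", re.IGNORECASE)

def lint_notification(raw_message, company_domain):
    """Return a list of problems found in a draft breach notification."""
    msg = message_from_string(raw_message)
    problems = []

    # Rule 1: the From address must be on the company's own domain.
    # Assumption: an exact match is required, so look-alike or third-party
    # mailer subdomains are rejected.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if sender_domain != company_domain.lower():
        problems.append(f"sender domain {sender_domain!r} is not {company_domain!r}")

    # Rule 2: no text part may contain a link for the customer to click.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        if LINK_RE.search(text):
            problems.append(f"{part.get_content_type()} part contains a link")
    return problems

# Constructed sample drafts (not real messages).
GOOD_DRAFT = (
    "From: Customer Care <relevantaddress@theladywriter.co.uk>\n"
    "Subject: Important notice about your account data\n\n"
    "We recently discovered unauthorised access to customer records.\n"
    "Names and email addresses were exposed; passwords were not.\n"
    "For more information call us on 0000 000 0000 (placeholder number).\n"
)
BAD_DRAFT = (
    "From: Notices <alerts@mailer.example.net>\n"
    "Subject: Important notice\n\n"
    "Click http://notices.example.net/x7Gq2kP9 to see if you are affected.\n"
)

if __name__ == "__main__":
    for name, draft in (("good", GOOD_DRAFT), ("bad", BAD_DRAFT)):
        print(name, lint_notification(draft, "theladywriter.co.uk"))
```

A draft passes only when the returned list is empty, so the check can gate the mail-out step.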

Data breaches unfortunately do happen despite the best efforts of companies to avoid cyber-terrorism and hacking. When they do occur, though, it’s vital that businesses respond appropriately and correctly, unlike Target, which unwittingly made a bad situation ten times worse.
