Data security lessons from Mark Zuckerberg
Posted 27 Jun 16 by Guy Underwood
Well, it’s been a couple of weeks since the world was horrified to learn that Mark Zuckerberg, the CEO of Facebook, had his Twitter and Pinterest accounts hacked in a data breach that dates back to 2012. The breach itself was not what shocked people so much as the apparent lack of security around the structure of his own personal password.
I am sure that at the time, most of us took time to reflect on the appropriateness or otherwise of our own passwords – although I am sure that most people did nothing about them as they already have too many passwords to remember!
What often gets overlooked in these types of situations – particularly in a business context – is the potential damage that a data breach can cause to your organisation. For example, if someone was able to hack your organisation’s social media channels, what type of negative or inappropriate messages could they disseminate, seemingly on your behalf? Or if your billing system was compromised, what sensitive customer information could be sold on the black market to criminals?
We live in an age of data and, generally speaking, our systems are well prepared against most types of intrusions. However, the most common weakness still remains – people. Employees continue to open emails that purport to relate to a lottery win but in fact contain ransomware that hijacks the company’s website. Or they fail to change their passwords regularly or, worse, share them with their colleagues at work.
It is important for organisations to remember the role that people play in protecting an organisation’s data. They should therefore ensure that they have the appropriate policies and procedures in place and that their staff are trained in those policies and processes. Staff should also be regularly informed of trends in hacking and things to look out for when dealing with emails from suspicious sources.
Even more importantly, organisations should undertake regular risk assessments of their information security protocols and ensure that they are adequate for their risk environment. Failure to do so can leave any organisation vulnerable to significant reputational and financial damage. Whilst controls such as cyber insurance may cover direct financial losses, it is far harder to repair damage to an organisation’s reputation in the marketplace.