Following a security breach like the recent ‘Kiddicare.com’ hack, the security impact of such exposure isn’t limited to an individual’s personal details; it can also have serious financial and reputational implications for the company. Customers that entrust their private information to an online provider should be able to rest safely in the knowledge it is kept in a secure manner; and all companies who handle private data have a duty to secure it.
In this particular case, the leaked data contains information such as customer names, delivery addresses, phone numbers and e-mail addresses. Cybercriminals have the opportunity to use this information to steal personal identities or more. Unfortunately, once a breach of this nature has occurred, there is not much that can be done about the leaked data. While Kiddicare.com has taken the precaution of resetting customers’ passwords, the chances are that many will use the same password across multiple online accounts. So it’s important that Kiddicare customers take steps to change the password for other online accounts where they have used the same password.
Additionally, it has been noted that a number of customers have received phishing communication. Before clicking links, consumers must think carefully about whether the emails they receive are legitimate. I would caution against clicking links in e-mails – it’s always better to type the website address manually, to avoid the risk of being redirected to a phishing site. In this particular instance, customers were notified of the potential phishing email, before the breach occurred, and the company posted an FAQ on its web site. The company also notified the Information Commissioner’s Office of the breach. It’s good to see a company taking steps to proactively notify its customers of the security breach. It’s very important that customers are kept up-to-date at all times when their data has been compromised, so that they can take steps to reduce any knock-on effects of a security breach.
Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures businesses can take in order to provide thorough protection. These include running fully updated software, performing regular security audits on website code and running penetration tests on corporate infrastructure. It’s also vital that companies implement an education programme, to raise security awareness among employees. The best way for organisations to combat cyber-attacks is at the beginning: by having an effective cyber-security strategy in place before the company becomes a target.
About David Emm
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.