6 Steps to Protect Against a Data Breach
2014 wasn't a great year for retailers … at least, not if you were one of the many retailers that were hacked. Many retailers found themselves unprepared to deal with the aftermath of a hack, and likely could have done more in advance to protect customer data. As we move through 2015, every retailer should evaluate their cyber security strategy to avoid becoming another statistic. Below are six tips on how to mitigate the risk of a data breach so you can responsibly protect your company and its customers:
1. Implement two-factor authentication wherever possible. Two-factor authentication puts another barrier between your data and an attacker: logging in requires both the credentials (username and password) and a second proof, such as a generated one-time code, a fingerprint, or approval of a push notification. Even if a password is compromised, the attacker still has to get past that second step before gaining access. Dozens of web services and many internal systems now support two-factor authentication, and it is one of the most effective controls for stopping an attack from advancing once a password has leaked.
2. Change all passwords to long, randomly generated ones that nobody memorizes. All too often, attackers gain access simply because a default password was left in place after installation, or because a password reused across several apps was exposed in one of them. Ensure that every system and service has a strong, unique password, and that passwords are changed regularly and whenever an employee leaves. Ideally nobody knows a password at all: if you or your employees know it, it can be phished out of them. Consider a password management system with single sign-on so that everyone can comply with the company's security policy without memorizing credentials.
3. Hash stored customer passwords instead of storing the passwords themselves. Rather than keeping passwords in any recoverable form (reversible encryption included), retailers should modify their systems to store a salted hash and authenticate against it. For example, when a customer creates an account and a password, a password-hashing algorithm turns the password plus a random per-user salt into a fixed-length digest, and only that digest and salt are written to the database. The next time the customer logs in, the same algorithm is run over the password they submit and the result is compared with the stored digest; a match authenticates them, and an attacker who steals the database still does not obtain any passwords. Use a slow, purpose-built function (bcrypt, scrypt, Argon2 or PBKDF2) rather than a fast general-purpose hash such as MD5 or SHA-1, so that guessing passwords offline against a stolen database is expensive.
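And for tip 3, here is the salted, slow hashing scheme described above carried through end to end. This is an added example rather than the article's own code: it uses PBKDF2-HMAC-SHA256 from the Python standard library, stores a random salt with each record, compares in constant time, treats malformed records as failed logins, and flags records that need rehashing when the iteration policy is raised. The iteration count and the `algo$iterations$salt$hash` record layout are assumptions chosen for illustration, not any retailer's real schema.

```python
"""Salted, slow password hashing with PBKDF2-HMAC-SHA256 (standard library only).

Added example. ITERATIONS and the "algo$iterations$salt$hash" record format
are assumptions for illustration.
"""
import base64
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000      # assumption: tune so one derivation costs ~0.1 s on your servers
SALT_BYTES = 16


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Build the record that is stored instead of the password. A fresh random
    salt per user means two customers with the same password get different records."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGO, str(iterations), _b64(salt), _b64(dk)])


def verify_password(password: str, stored: str) -> bool:
    """Re-run the derivation with the salt and iteration count from the record and
    compare in constant time. A malformed record is a failed login, not an exception."""
    try:
        algo, iters, salt_b64, dk_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
    except ValueError:               # wrong field count, bad int, or bad base64
        return False
    if algo != ALGO or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """True if the record was made with a weaker setting than current policy.
    Call after a successful login and rewrite the record with hash_password()."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return True
    try:
        return int(parts[1]) < ITERATIONS
    except ValueError:
        return True


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong pw:", verify_password("Tr0ub4dor&3", record))
```

Because the iteration count travels inside the record, you can raise the policy later without invalidating existing accounts: old records still verify, and `needs_rehash` tells the login handler to upgrade them transparently.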