6 Steps to Protect Against a Data Breach
If the "key" in the database matches the "key" generated by the password the customer entered, access is granted. This prevents retailers from directly storing sensitive password information, and better protects customer data in a breach. To combat attacks, retailers should adopt leading technology, like the PBKDF2 hashing algorithm using a minimum of 100,000 rounds of hashing. This is known as "key strengthening" and companies should be prepared to upgrade that number in the future.
4. Follow breaches, and lock out users who have reused passwords. Follow breaches and use leaked password credentials and user names to check your applications. Lock out users who have reused a password that's been leaked publicly. When you lock them out, notify them of this, and how terrible an idea it is to reuse a password and recommend a password manager for them to install.
5. Invest in security in advance, not after the fact. According to a study released by the Ponemon Institute, the average data breach in 2014 cost $3.5 million, a 15 percent increase from the year prior. This number will likely continue to rise. Investigating, responding to and resolving a cybersecurity incident is time intensive and costly. Damage to your brand and reputation is also significant, and companies must spend heavily to regain trust. Having a security strategy in place with effective tools and an incident response team is critical to mitigating risk and reducing potential damage from a data breach, including financial loss.
6. Help employees understand risk and report issues. Educate employees on an ongoing basis about the different types of attacks, how to spot malicious websites and emails, and what your company's security policies are. And don't just rely on dry PowerPoint presentations. Sit down with employees one-on-one and show them what a phishing attack looks like. Regularly put employee knowledge to the test and do assessments to find weaknesses in your own systems. You should also ensure your IT department (or person) is proactively applying patches for all systems and software in use, and that employees have assistance when they must apply patches, too.