IT Security Best Practices: Lessons Learned from Facebook’s Security Breach
Millions of users’ data left vulnerable. A familiar story. Data breach headlines have become all too common. Although it’s not necessarily time to change your Facebook password again, it is time to analyze IT security best practices and find IT service providers that can help your company secure its data and reputation.
Vulnerable Data and Its Cost
Facebook recently announced that hundreds of millions of users’ account information was left exposed. In spite of what NTT DATA Business Solutions experts agree are IT security best practices, Facebook stored the user logins and passwords in plaintext. This could have allowed anyone to easily read the data and associate usernames with their passwords. The information may have been exposed to thousands of Facebook employees. Although the data apparently never left the company, it was a stark reminder of the challenges many companies face with user data and privacy both internally and externally.
You may have questions about data protection against both internal and external threats. NTT DATA Business Solutions is positioned as a trusted consultant and provider of solutions for companies looking to secure their data.
Last year we discussed the penalties associated with the recent GDPR regulation and how they make the mistreatment of data costly. There are two tiers of fines: the highest tier could potentially lead to a company being fined up to four percent of their global annual revenue or 20 million euros, whichever amount is higher. As GDPR compliance grows NTT DATA Business Solutions also provides future-proof solutions for regulations to come.
NTT DATA Business Solutions follows IT security best practices and provides solutions, advice, and services to protect companies from data breaches. With NTT DATA Business Solutions as your partner, you have a source expertise to help you protect your reputation. Our data centers around the world have the highest level of safety accreditation because our customer relationship is based on trust. But how difficult is it to secure sensitive data?
I would suggest that sensitive data, such as the breached Facebook login information, should always be hashed and salted. When account login information goes through this process, it is not readable by hackers or even employees because the information is run through an algorithm that encrypts the data. As a user, your login data is no longer directly associated with you. This technique protects against numerous kinds of attacks.
Our experience suggests that hackers can use spray and dictionary attacks to gain access to user accounts. Spray attacks try to hack into your account through trying commonly used low-security passwords such as ‘password’ or ‘123456’. This is often why system administrators encourage using password phrases. But dictionary attacks work around that and use both words and phrases from a dictionary database in an attempt to gain access. This is where the NTT DATA Business Solutions recommendation and IT security best practice of hashing and salting comes in, because encrypted user information can prevent access to personal data even if it leaks within the company.
The expertise to help you find solutions and approaches to prevent these kinds of breaches is what NTT DATA Business Solutions can offer. For companies, data breaches can hurt not just their bottom line but also their brand’s reputation.
Corporate Data Leaks
In 2013, 3 billion Yahoo! accounts were breached. A year later, another 500 million were breached at the same company. Marriott/Starwood revealed that 500 million guests’ information was copied, including passport numbers, in 2016. Friend Finder Networks, an adult dating company, leaked 412 million users’ data, including information from users who thought they deleted their data from the service. And in 2017, Equifax, a consumer credit rating service, was hacked, exposing 146 million accounts.* Even if your company is not storing millions of users’ data, it remains important to be able to protect data.
Contact NTT DATA Business Solutions for more about keeping your data safe.