VTech has joined the increasingly long line of organizations facing a rather bleak end to 2015, as it becomes the latest to suffer a high-profile data breach. See my earlier blog on the 12 days of data breaches for a lamentable list of organizations that have systematically failed to protect people’s most important and private information. What’s most concerning about the VTech breach is the nature of the information stolen – not just parents’ private information (for over 5 million parents), but also children’s profiles, over 6 million of them, and data that includes chat logs, kids’ photos and more.
VTech is a leading maker of children’s interactive and learning toys – including LeapFrog and LeapReader, among others. With children among the most vulnerable to identity theft (how many parents watch their children’s credit records as closely as they do their own?), this is especially bad news.
As cyber attacks have become an inevitable reality, and there is no shortage of examples of the damage that lax security can do, the VTech breach highlights yet again that organizations should be focusing on making sure sensitive data remains protected when (not if) it falls into the wrong hands – and encryption with access control is critical to achieving this. Cybersecurity awareness and controls are now a critical component in business success, as our CEO Alan Kessler recently highlighted on this blog. In the past, encryption was deployed to protect only the information that businesses were forced to protect to meet compliance requirements. Now, adopting a default strategy of ‘encrypt everything’ is quickly becoming the only reasonable way to retain the upper hand in the fight against cybercrime. This is true for companies serious about safeguarding not only customer data and financial assets, but also their own intellectual property. The combination of encryption with access controls dramatically reduces the damage that hackers can cause. If attackers steal an encrypted data file, it’s virtually useless to them since they don’t have the key to decode it. These days, failing to use encryption and access controls is akin to locking the front door of your home in order to feel secure, but leaving the back door wide open.
There is absolutely no doubt that organizations urgently need to step up their data security policies and protections, particularly as consumers are rapidly losing patience with those who cannot protect their private information effectively. In the last month or so, we have seen numerous data breaches revealed worldwide: 6 million voters in Georgia, the Starwood hotel breach, TalkTalk and British Gas in the U.K., the expansion of the earlier OPM breach and more. All are organizations that have fallen victim to cybercrime. Frankly, these numbers will only continue to climb if efforts are not made to stem the tide. If organizations really want to minimize reputational damage, proactive steps such as strong encryption should be taken now to ensure the protection of data and keep it out of the wrong hands.