Two significant recent data breaches that you’re unlikely to have missed involved two brands associated with children’s toys – Hello Kitty (Sanrio) in late December and VTech earlier the same month. What’s important to realise about these incidents is that they indicate that hackers will now happily scoop up any and all user data they can lay their hands on. There was a time where payment card data seemed to be all that mattered to cybercriminals, but those days are over. In both these recent breaches, the data stolen did not include financial information like credit card details, rather it was personal details, including email addresses, passwords, names, home addresses, genders and birth dates – the value of which lies in conducting identity fraud.
The lesson from breach incidents like these is twofold. Firstly, more of your data should now be considered ‘sensitive’ or ‘at risk’ – it’s not just a case of ring fencing financially sensitive information; that is not all that is under attack. Linked to this, there is a clear case for adopting a default strategy of ‘encrypt everything’. This reduces the damage that hackers can cause, as encryption renders stolen data illegible and virtually useless. These days, failing to use encryption with effective access controls is akin to locking the front door of your home in order to feel secure, but leaving the back door wide open.
There is absolutely no doubt that businesses today need an urgent rethink on current data security policies, particularly as consumers are rapidly losing patience with those who cannot protect their private information effectively. In addition, a recent Vormetric survey investigated consumer attitudes to data loss showing that, if businesses really want to minimise the reputational damage should the worst happen, proactive steps such as strong encryption should be taken now to ensure the protection of that data even if it falls into the wrong hands.