Opportunity makes the cybercriminal. Online travel giant Orbitz disclosed Monday, March 18th that hackers gained access to one of its “older platforms.” Upon gaining access, the hackers now have such data as credit card numbers, street addresses, legal names, and more. While not to the scale of an Equifax or Yahoo! breach, many can rest assured knowing the site DID NOT contain any social security information. However, they’re offering free credit monitoring through AllClear ID to more than 880,000 people, a total cost of $13,156,000. Orbitz is an example of how simple fixes could have prevented a $13 million dollar mistake.
HOW COULD WE HAVE BEEN HACKED?
Phishing emails have become commonplace amongst criminals. Many times, you see exploits being sold on the dark web to other hackers and cybercriminals to hurt your brand’s reputation. Although indirect, your business can suffer from these effects, like Orbitz. Having to fix this fatal error, Orbitz has offered those affected a year’s worth of free credit monitoring. What makes this case unique is that preventative maintenance could have saved all parties involved, at a minimal cost.
Three Tier Approach:
When preventing Ransomware and doing general cybersecurity, you should focus on three major components.
1. Education: You must train staff members on the trials and tribulations of these threats. As many have reported, these styles of attacks have grown 500% since 2017. As everything becomes more connected, it will become vital to train your staff on spotting phishing emails, like that used in the Orbitz hack.
2. Backups & Storage: Once inside, criminals gain access to all saved payment data. Best practice tells us that old data should ALWAYS be encrypted and archived for safekeeping. From a technical standpoint, you should always check with local regulations on how to handle your industries, online payment information. Although hackers and ransomware exploits can encrypt your backups, most attacks don’t bother looking through achieved data, as the process becomes far too time-consuming.
3. Email & Web Filtering: You must gain control over inbound messaging. The largest attack vector for ALL breaches and ransomware is email phishing. Filtering provides you the ability to filter incoming messages from high-volume attack countries like Korea, Serbia, Vietnam. Don’t allow outside attachments from cybercriminals into your network. Email and web filtering will provide you the ability to better control inbound messaging.
A backup appliance, a built-in retention policy, and educating your employees are the BARE MINIMUM you need for starting a company culture of security. Instead of purchasing 880,000 people a year’s worth of credit monitoring, focus on the preventative measures in your organization.
Don’t know where to start?
Our staff is well-versed in the threat landscape and would be happy to assist your organization in building a better stance on security, warding off cybercriminals looking to hurt your business. Clare Computer Solutions has been serving the SF Bay Area’s IT needs for over 30 years. Contact us today to get started.