Online deals service LivingSocial says its website has been hacked, and the personal data of more than 50 million customers may have been affected.
The company says it’s advising all customers Friday evening to change their passwords and that it’s contacting customers in most of the countries where it operates.
Canadian Business reports that in an email to customers, the company says customers’ names, email addresses and dates of birth may have been exposed by the cyberattack. But it says the database that stores customer credit-card information was not affected.
Incidents like these are a reminder for businesses to take data security seriously.
A recent survey of more than 1,000 Canadian businesses, commissioned by the Office of the Privacy Commissioner of Canada and released in February, showed that 96% report that they have never had a breach affecting personal information. But that may be because many companies lack the proper controls needed to monitor and detect breaches.
One of the major issues can be traced back to hiring. According to that survey, 68% of companies don’t give their employees any privacy-related training. Other research shows that employees account for a remarkably high share of security breaches. According to “IT Risk/Reward Barometer,” a study of Canadian IT and business professionals by the Information Systems Audit and Control Association, the vast majority of respondents reported that up to 40% of security breaches occur as a result of employees using work devices for personal purposes. And 53% of respondents believe that employees’ use of work equipment for personal purposes is causing security issues.
They may be right. Last year, Zscaler Inc., a cloud-based provider of Internet security for businesses, released a report showing that many popular mobile apps leak information about the device and/or user.
Since it’s impossible to guarantee that an employee won’t use mobile technology for personal reasons, the only way to fully control that risk is to ban mobile devices in the workplace altogether.
Too extreme? Security measures can be as simple as requiring all employees to change their passwords on a regular basis. But, ideally, staff members should be adopting that sort of “secure” behaviour on their own. Look for staff who “get it” about security and avoid unnecessary breaches. Sage North America’s report also suggests that business decision-makers may be wise to establish a bring-your-own-device (BYOD) policy in order to protect their company’s proprietary data while still allowing workers to use their personal devices remotely.