High-profile hacks and data leaks, and what we should learn from them
When are we going to learn that if we leave an open door to our data, someone will walk right in and help themselves?
Data isn’t inherently unsafe. And yet it seems like not a day goes past without a high profile company falling foul of an embarrassing and/or costly data leak. There’s the infamous ‘laptop stolen/left on a train’ scenario – a popular favourite with government agencies and the NHS. Or there’s the hacked database – with recent offenders being Spotify, Kiddicare, CarPhone Warehouse… the list goes on. And as we’ve all noted before, much of this is not sophisticated hacking carried out by hard-bitten cyber-criminals, it’s SQL-injection by 15 year old kids. Data given to high profile companies is being exposed by – quite honestly – schoolboy errors.
[Visualisation of the world's greatest data breaches - selected losses greater" than 30,000 records. Courtesy of informationisbeautiful.net]
It’s how we use and store digital assets that causes the issues, and that’s where simple steps can be taken to mitigate the very real business risks. The company website is one of the more obvious points of access for data theft, and often access is gained through what is effectively an open door in the code.
Security through obscurity is not the solution
The thing to be aware of is that we all run the risk of having our own Kiddicare moment. You may think that your site isn’t big enough to become a target for hackers, and you may be right. But is that sufficient reason not to ensure you’re doing everything you can to protect your – and your clients’ – data? And, granted, if someone really, really wants to get access, they probably will. But is that a good reason not to lock the front door?
When are we going to learn that if we leave an open door to our data, someone will walk right in and help themselves?
You can see it in the press statements that are issued in the wake of the big breaches - most of the people in business who are responsible for company websites wouldn’t know a security vulnerability from a hole in the ground – and nor should they. It’s not their jobs. But it does raise the importance of working with a team who do. By working with the right web development partner, you can greatly reduce the risk through the use of best practice and industry standards to ensure no loose ends within your site and no redundant or bloated code that hackers target so successfully.