Have you ever received a breach notification from one of your online service providers and felt that sinking feeling as you try to remember where else you use that email address or password?
Or worse yet, you hear about the breach on the news and realize your provider never notified you of the issue?
After scanning through the notification, you scramble to log in and change your password in an attempt to regain your privacy and sense of security while considering whether or not you want to keep doing business with that particular company.
Well, you definitely aren’t alone in feeling that way.
According to a recent study by Cintas Corporation, “two thirds of U.S. adults would not return to a business if their personal information was stolen.” This staggering number indicates that data breaches seriously erode brand reputation and customer loyalty, which could ultimately threaten the financial future of an organization.
John Otten, Marketing Manager at Cintas commented, “With every data breach comes a cost, including lost productivity, a damaged reputation, and most importantly, decreased revenue when customers take their business elsewhere. This research confirms that by failing to make security a priority, businesses can discourage once-loyal customers from returning. It could also stop potential customers from ever patronizing your business.”
Many of the survey respondents included in the Harris poll said they would readily change banks, health care providers, or charitable donation behavior in the event that their personal information was breached.
That’s not surprising since increasing awareness of the drivers for data breaches is understandably making consumers more cautious. There is a direct correlation between data breaches and identity theft as well as social engineering schemes — this is why they have the potential to drive customers away in droves.
“By breaching the data stores of businesses in the financial, healthcare and retail industries, criminals can obtain the fuel they need to execute various fraud schemes, and these crimes have crippling consequences,” said Al Pascual.
Personally speaking, I decided to remove my credit card information from my Adobe account after the early October announcement of the data breach impacting 2.9 customer accounts, and my decision to do so was validated recently when Adobe announced the breach was orders of magnitude larger than originally reported, “with hackers obtaining data on more than 38 million customer accounts,” according to Reuters.
I’ve been monitoring my credit card for fraudulent activity and so far no problem, but it’s disconcerting that the breach was much larger than originally reported.
Unfortunately, the number of impacted accounts continues to grow, and according to Dan Goodin, “researchers are warning the same breach could significantly strengthen the password crackers’ collective hand by revealing a staggering 130 million passcodes used over the years by Adobe customers, many of them from the FBI, large corporations, and other sensitive organizations.”
This large payload of data was stolen from a backup system that was supposed to be decommissioned and the passwords were stored using reversible encryption. These are two examples where rigorous IT security practices and a secure software development lifecycle (SSDLC) could have helped Adobe eliminate and mitigate risk in the event of a breach.
If you want to protect your identity as a consumer in our increasingly digital world, I recommend the following tips:
- Use different passwords and email addresses for different providers. This decreases the likelihood of a single account compromise providing the keys to your castle. Password managers are a great way to keep track of all the different passwords you use.
- If one of your online service providers was recently breached, go change your passwords today and choose something really strong, like a complex passphrase. Remember to change your passwords every three to six months and use multi-factor authentication where offered.
- Periodically review all the data you choose to store in various online accounts, removing data that is not critical. If you do choose to store payment information with your online service providers, consider using a credit monitoring service to help you spot irregularities.
- Deactivate accounts that are no longer used to reduce the risk of an abandoned account becoming compromised. I’m sure I’m not the only one who gets spam from the webmail accounts of college friends about once every three months.
- Consider setting up Google alerts so you receive email notifications if one of the companies you do business with is breached, since unfortunately, not all vendors will notify you as quickly as the news hits the wire.
The key is maintaining awareness about the risks associated with your personally identifiable information being compromised.
Know that your identity could potentially be stolen, leading to serious financial losses, not to mention headaches. Hackers could also gain access to contacts in your social network and try to lure your friends into trusting content they receive because it appears to have come from you. In the event of a breach, take immediate action and follow any guidance offered by your service providers.