Yahoo confirmed in September that at least 500 million user accounts had been affected by a massive breach.
Yahoo’s chief information security officer, Bob Lord, said in a blog post that account information taken “may have” included names, email addresses, telephone numbers and dates of birth. Lord also said that password information – though not passwords in plain text – may have been stolen, as well as some answers to security questions.
Yahoo is still investigating. But thus far, Lord said, financial information, including credit card numbers and payment card data, was not accessed; that information is stored in a separate system.
The news has put users of personal accounts and business IT managers on edge, due to both the size of the breach and the fact that news of this – and other – attacks has been slow to be brought to the attention of the public.
Shirley Peterson of CMIT Solutions in Fort Worth works with small- and medium-sized businesses on IT issues, providing services and solutions, as well as protecting businesses from data breaches.
Backup, she said, is key for users to remain up and running when dealing with a computer security issue.
“If people have been proactive and backing up their system, we can have them up and running pretty quickly,” she said.
Peterson began her business in 1999, so she has seen more than a few IT issues over the years.
Recently, she has seen a lot of ransomware viruses crop up among users. Ransomware is computer malware that installs code covertly on a system and demands ransom payment to restore data or files.
“We see ransomware weekly,” she said.
Below are some tips from Peterson and her team that can help businesses protect themselves from IT security threats.
• Educate your employees. Sometimes employees accidentally allow unauthorized access into the company’s network through clicking unknown links or attachments in an email or connecting to an unsecured Wi-Fi network. You could classify these actions as internal threats.
• Use two-factor authentication. Two-factor authentication requires you to enter something you know (like your password) and something you have (typically a unique code delivered to you via text message or email). This added step can make a big difference in security and make it harder for hackers to access your information.
• Safeguard information from third parties. Consider all parties with access to proprietary, confidential information. Make sure the information that should be kept private from business partners and third parties is properly safeguarded. The concern regarding third parties is not that they would intentionally hack/leak private information, but that if the third party doesn’t have a strong security system in place, it could make your information vulnerable as well.
• Protect mobile devices. If a business allows employees to access email and the server from their personal mobile devices, it is extremely important that protective measures, such as a passcode or thumbprint, are in place. If a mobile phone is lost or stolen, that can put a business’ internal network at risk.
• Change your passwords regularly. You can manually change passwords on a regular basis or you can employ a password management solution to handle frequent password changes. Either way, don’t assume your old password is safe – especially if you use it across multiple portals.
• Check your security policies. Security policies should be tested and reexamined regularly. Cyber threats are always evolving, she said.
This story contains information from the Washington Post.