Aside from heading up content for Reason Core Security, the best anti-malware solution on the whole dang planet!, in my spare time I dabble in website development. I’m an avid WordPress fan as you may have noticed from our blog. Scaling both the security and WordPress-o-sphere, I’m well aware of the security issues that WordPress can have. That’s why I have numerous security plugins enabled and I salt my truly convoluted passwords. I enable two factor authentication wherever possible and I purge and update plugins with a vengeance. My fellow WordPress aficionados tell me I’m a bit overboard but I remind them that in cyber security there really is no such thing as “too much”.
Despite my awareness of the vulnerabilities inherent within my beloved WP, it never occurred to me that I would really be at risk. That is until I got the following email from my WordPress specific host today as I sat down to write my next security-centered article: (This isn’t the host for our blog at RCS or the host that any of my web development clients use, it’s for my own personal website)
At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials. Out of an abundance of caution, we are proactively taking security measures across our entire customer base.”
The nutrition facts on corporate breaches
You know that sinking feeling in the pit of your stomach you get after finishing a whole container of Ben and Jerry’s Triple Fudge Chunk in one sitting, then you turn it over and look at the nutrition facts, once there’s nary a spoonful left? It’s that “Oh man, I wish I hadn’t looked” feeling, usually accompanied by slapping your forehead with the palm of your hand.
It’s all so ironic. I regularly tell you dear readers of the perils of surfing the internet without proper security measures. I drive my loved ones crazy regarding their PATHETIC attempts at password security. I encourage everyone I possibly can to set up Reason Core Security to keep malware and threats at bay. I am the “patch n’ update” poster girl. And here I am, potentially compromised in a corporate breach. Oh, the irony!
The truth is though, as was so apparent over the course of 2015, businesses get hacked all the time and there isn’t much the end user can do about it in general. Think Target, Anthem, Home Depot, JTX, Hilton Hotels, Ashley Madison, TalkTalk and now Vtech. In fact, this post was originally conceived as Top 10 Hacks of 2015 and Lessons to be Learned post… until I opened my inbox and read the email from WP Engine. I’m fairly sure that this hack on WP Engine won’t make it to the top 10 or even top 100 hacks of 2015 (I hope, I hope!) but that only bolsters the point – Businesses are getting hacked every day and at some point, through no fault of your own, you may end up compromised.
Just how much is lost in a corporate hack?
The scope of what is exposed in a large security breach varies by industry. In the Target hack, skimmed credit card information was put on sale on the Darkweb in a matter of hours. In the case of the Titanic-sized Anthem attack, credit card numbers were the tip of the iceberg. Social Security numbers, dates of birth, physical and email addresses, income information and more were exposed. That’s more than is needed to pull off identity fraud, tomorrow or years down the road. Those victims need to remain in a constant state of vigilance – forever.
In the case of the WP Engine hack, it’s far too early to know what information, if any, was exposed. Hacked hosts accounts for 41% of all WordPress site hacks and that is indeed worrying. All I can do now is wait and see…
What corporate hacks mean for the consumer
Corporations are beginning to look at hacks as an occupational hazard of doing business. According to SCMagazine.com “it’s no longer a matter of ‘if’ your organisation will be breached, but ‘when’.” Chances are, if you shop (online or IRL), use health insurance providers, pay your taxes or, well, do anything nowadays, you may end up with compromised information. It’s worth it to bear in mind that in such events there are a bunch of things you can do if you suspect that your information was involved:
-Inform your bank and credit card company of the incident
-Monitor your credit card statements regularly. Look for any inconsistencies or unfamiliar purchases and inform your bank or credit card fraud department as soon as you notice them
-Change all of your passwords asap, including banking passwords and make sure they are rock-solid
-Make sure you are running the most powerful anti-malware program available. More than ever, anti-malware will be your best friend, now that through no fault of your own, some of your information has been leaked. A solid AM solution like RCS will alert you to suspicious links and downloads and anything else that shouldn’t be happening on your computer.
-Be extra vigilant to watch out for phishing emails and phone calls claiming to be from banks and stores
-Stay informed about the breach and keep in touch with the relevant departments if you can as circumstances unfold.
As I can attest, no one is really 100 percent safe when it comes to corporate hacks. But by being vigilant and having strong defenses you can keep it from becoming the end of the world. As for me I’ve got to go reset passwords and check up on my credit card.
Well, so much for my article on top 10 corporate hacks of 2015 and lessons to learn from them, but as they say, there is no better teacher than experience!