It seems we cannot go a week without news of a malware attack of some kind, be it ransomware, stolen credit card information or other security breaches. The increasing trend is that not only are organizations and enterprises affected, but also regular consumers.
So one of the latest concerns to affect a large number of consumers is the breach confirmed by California’s Attorney General: Taiwanese computer giant Acer reported its online store was compromised, and sensitive customer data was accessed by hackers.
In the case of many hacks, a limited amount of data may be accessed; in this case, however, the damage is relatively widespread. Reportedly, the leaked data includes not only customer names and addresses, but also credit card numbers, expiration dates and even CVC security codes. However, experts have no evidence at this point that login credentials are part of the pirated information.
Unfortunately, consumers hear almost daily that yet another retailer or organization has been infiltrated by hackers, and their confidence in even the most well-established enterprises suffers as a result. With the ever-increasing amount of malware created every day, the traditional security technologies and policies are finding it impossible to keep up.
E-commerce in general is feeling the effects of the barrage of malware. Creeping skepticism may ultimately protect consumers, but unless online retailers and enterprises can provide guarantees of security, businesses may see dramatic declines as consumers react to the seemingly constant reports of breaches.
Apparently, there are approximately 34,500 customers from the United States, Canada and Puerto Rico that have been affected by this latest security breach.
In a letter from Acer submitted to California’s AG, the company says hackers had access to data in the Acer server for more than a year, from May 12, 2015, to April 28, 2016. However, the company has taken steps to protect customers, solving the security issue.
Businesses should educate employees on cybersecurity—make employees aware of recent phishing scams and emails, and how those campaigns have been designed, and encourage them to create strong passwords on their accounts and periodically mandate that they change those passwords. Nobody enjoys doing this, but everybody REALLY hates getting breached or divulging sensitive company or customer data. Encourage employees to report suspicious behaviors or emails.
And the best way to prevent ‘being compromised’ is to employ a multi-layered approach to endpoint security made up of Firewall, URL filtering, Anti-Virus, File Lookup Service (FLS), a Host Intrusion Protection System (HIPS), Behavior Analysis and containment with auto-sandboxing. Only with all these layers of defense in place can organizations truly be protected.
Comodo experts recommend consumers create strong passwords and use two-factor authentication where available. Also make sure to create different passwords for each account. This will limit an attacker’s ability to break into other accounts if one account is compromised. As an IT professional, or MSP, there are many options to help secure your organization’s customers against this type of malware.
John Peterson is vice president of Enterprise Product Management at Comodo.