Learning From The Historical Yahoo Data Breach

Data breaches happen a lot more often than anyone likes to hear. It’s hard to determine if data breaches are completely unavoidable, but there are ways to secure your company to make it harder for hackers to get in, or if they do, they can’t do as much damage. Identity Theft

Yahoo was hit in September with one of the biggest data breaches in history. The incident has made the company rethink their strategies and try to recover and move forward from the hardest hit in history. But the real question is what weren’t they doing prior to the data breach that made hackers access so much of their information so easily.

In August, an anonymous hacker was found selling a database with login details on 200 million Yahoo accounts. Yahoo claims they were aware of the hack and they were investigating it, then two months later they were hit even harder.

Names, email addresses, telephone numbers, dates of birth, hashed passwords, security questions and more were all accessed within this hack. It is believed that the hacker was someone acting as a government official, “state-sponsored actor”, and was in Yahoo’s system for what could be years, so the exact amount of information that they accessed is still unknown.

How the hacker got into Yahoo’s system to create this historical breach is still a little blurry but The Hacker News describes Yahoo’s security system as a “back-end” system which is designed where all its products use one main user database to authenticate users. Which means, all usernames and passwords entered into services like Yahoo Mail, Sports or Finance goes through this single database, and that’s the database that was compromised.

What To Do If Hit With A Data Breach:

Now, we’re not exactly sure what Yahoo is doing now to recover from the data breach but Digital Guardian asked some of the experts what they would advise. There were lists on lists of suggestions, these are the most common and beneficial pieces of advice: data breach

1. Find out what happened, how you were hacked, and stop it.
a. Whether it’s approaching the employee that accidently send out sensitive data or figure out which system or application was reasonable for the breach and contain it.
b. Stop the breach before it gets worse.

2. Communicate: Notify those who will be affected; employees, clients, customers, etc. Be upfront and honest so you limit the rumors and enhance the level of trust.
a. Inform them on what to expect and do from that moment. Whether it’s changing passwords to preparing for the press if they are confident in what you are telling them they won’t turn their backs.
b. Be prepared with answers to all the questions you will be receiving.

3. Tag team the problem. You’ve found the source of the breach, now get your IT team together to respond to the issue.
a. Some suggest getting a third-party IT professional, the unbiased outside opinion will give be upfront with what happened, what was accessed and compromised, and their suggestions on what to do from there.

4. Change all your passwords. As soon as you receive word that you are a victim of a data breach change everything. Don’t make them similar to what they were before and be sure to use a unique pattern of symbols.

5. Work with your legal counsel to decide if law enforcement should be notified.
a. Each situation is different so you must have a solid plan before you start panicking.

6. IT Solutions: Identify how the hackers got into the system and what you’re going to do to change the security of the system. It’s not a matter of “if” it is going to happen again but of “when” it will happen again.

How Records Can Help You Prevent A Data Breach

Overall, Yahoo’s experience teaches us that no matter the cost, security should be, if not the top, one of the top priorities. Record Nations offers Document Management Systems (DMS) and password assistance for those businesses hoping to improve their security measures. DMS offers an opportunity to
control who has access to which documents, immediately change clearance levels, and encrypt documents and information. top common protection prevention strategies data breaches

DMS will allow you to create those custom and hard to crack passwords and lets you see who is looking at which documents. Easy maintenance steps will also keep your system up to date and clean to help prevent the chance of being hacked.  

Investing in the most secure systems will save your company the money it may have to spend if a data breach were to occur. Yahoo has been one of the top email providers for years, this breach made them take a big hit, and we’re all interested to see how they recover and learn from this unfortunate event. Let Record Nations assist you and your business in taking all the right precautionary measures to improve your security and keep your entire system safe.

Give us a call at (866) 385-3706, or simply fill out the form to get a free quote on digital document management today. We can connect you with a local expert to come to your office and help you become a more secure business today! 

Additional Data Storage and Encryption Resources

Data Security 101: How Breaches Happen, What’s Stolen, and How to Protect Your Business

Although recent data breaches serve as proof of the numerous ways a company can fall victim to data breaches or theft, there is still much other business owners can learn from these past examples to protect their own business. Get the breakdown on not just common causes for breaches, but also top strategies for stepping-up company securities with this in-depth white paper.

Ransomware: One More Reason to Encrypt Your Records & EDMS

Information encryption is one of the most powerful protection tools available—that is, if you actually use it. Unfortunately, criminals are now using what is known as “ransomware” to take advantage of those who haven’t already encrypted their data, maliciously encrypting the information and locking it away from true owners before forcing victims to pay ransoms in exchange for their valuable information.

Expert Opinions on Password Protection

When talking about personal and business security, the topic of password safety constantly comes up. Websites tend to make general recommendations about keeping your password secure, or occasionally force you to update passwords, but are there any hard-and-fast rules for password protection? Get strategies for protecting your passwords like a pro with help of expert opinions here.