The shockwaves that were caused by the massive leaking of user information from the online dating site Ashley Madison can still be felt. The attack that was inflicted upon the Canadian company has left both users and the general public stunned. As the dust settles there remains one large question still hanging in the air – in whose hands are we leaving our confidential information?
Looking beyond the debates on privacy that have been caused by the Ashley Madison saga, there are a few lessons to be learnt about cybersecurity and massive data theft. The companies themselves must take advantage of this scandal to learn some things and avoid being the protagonists of the next leak:
- Security is of utmost importance. When you’re managing information belonging to clients at the same level as that of Ashley Madison, it is extremely important that you protect their confidentiality. However, all companies, in one form or another, work with third-party information so there is no gray area here – your company must look for a security tool that adequately protects the information.
- Make it difficult for the cybercriminals. In the case of Ashley Madison, the information was kept for years and the user IP addresses were directly linked to their email accounts. The management of information is a sensitive job and it should be stored for shorter periods of time and in a more anonymous manner.
- Protect your digital empire. It isn’t just third-party information which is at risk, but also your own company’s private data. In fact, a second leak made public the source code of Ashley Madison, which will allow other cybercriminals to search for new weaknesses.
- Cyber insurance has arrived. The dating website has lost, after the cyberattack, the closest possible to jump into the world market. Its credibility has hit rock bottom and its future is in doubt. In situations like this, companies that could suffer heavy losses after a cyberattack should consider the possibility of having a cyber-insurer, as many US and European companies already do.
In addition to the advice that every company should follow in light of the Ashley Madison incident, employees can take precautions and act accordingly. Thus, one should take extra care to avoid landing your company in a future scandal when registering with a compromising service:
- Avoid using a corporate email account. Every employee (including directors) should avoid using their company email account to register with an online service. A case like Ashley Madison is sufficient to call into question the name of companies, political parties and institutions that have been affected by the leak.
- Separate private and work life. Not only is it recommended that employees of your company don’t use their work email for certain personal matters, but it would be even better if they avoided using the office computers. At the end of the day, even if they don’t use the corporate email account, the IP could be identified, just like what happened in the United States Congress – thanks to his clumsiness, an employee has put the name of his employee at the center of the storm.
- More valuable than gold. Information theft is like the gold rush of the 21st century and it must be treated with extreme care. All employees should be aware of how important it is, even more so following the Ashley Madison scandal. It’s not only their privacy which is at risk, but sooner or later it is inevitable that a third-party’s information could be put at risk – it is something which is inescapable in business.
- Be wary of everything. For certain things, it is best not to rely too much on the Internet. Each employee can do what they see fit in their private life, but if you use computers and corporate mail accounts, someone should explain to them the dangers of doing so. On the one hand, cybercriminals are always lurking and, secondly, scams are the order of the day. Beyond data theft, not everything was as clear as it seemed with Ashley Madison – there were false accounts to attract customers and a note in the small print which stated the company renounced any responsibility in the event of a leak.
The storm caused by the leaking of information in the Ashley Madison case will pass, but these lessons will remain valid and essential for all companies. Information theft is a real issue and it’s vital to protect yourself, your business, and others.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
