Relevant Items

3 Lessons from the Uber Hack about Protecting Consumer Data

phone with Uber app

If a Company Gets Hacked, And Nobody Is There To Hear It, Does It Make a Sound?

What if you got hacked, were able to retrieve the data from the hackers and didn’t tell anyone about it? Would all of your problems go away?

THE UBER BREACH

Dubbed a “mega-hack”, the breach was reportedly the result of a group of Uber engineers leaving login credentials to the company’s Amazon cloud computing service on Github, a popular code repository, where hackers found consumer data for 57 million Uber users unencrypted and free to access. Uber was able to track down the hackers and paid them a $100,000 ransom for the promise they would walk away from the situation silently.1

A year later, while Uber was already facing privacy violations in court with U.S. regulators for unrelated allegations, they admitted the hack in a press release that was immediately picked up by major news publications and made news worldwide.2

THE INCREASING IMPORTANCE OF MANAGING CONSUMER DATA

If anything, this case reinforces the importance of having top notch strategies and resources to manage the security of consumer data.

There are a number of things organizations can do in advance to reduce the likelihood of ending up in a situation similar to the Uber breach.

Even Uber’s CEO has admitted “This should never have happened.”2

Here are three areas you can explore to help your organization protect consumer data:

1. Make sure you are always leveraging your cybersecurity firm.

Authentication and security solutions have evolved so that they should accelerate digital business and allow companies to do business in new ways.

Does your cybersecurity firm know your business inside and out? Does it offer a wide array of authentication and security solutions, and centralize them into easy to use, yet highly secure platforms? Do you trust them to give you hard answers when you are facing hard problems?

Cybersecurity firms are there for more than just their products. Managing and protecting consumer data, the devices and data flows used to access these, as well as the people surrounding them is a daunting task for any IT professional. Having a partner on the job – someone who has your back – is not only an advantage, but a wise choice.

2. Adopt a security solution that is equal to your organization’s security culture.

It is not easy to hard-bake security into organizational culture.

The aim of modern authentication solutions is to enable users and accelerate, not stifle. There are numerous instances where highly sophisticated security infrastructures were compromised due to human action that circumvented security measures. Modern authentication solutions want to eliminate this possibility.

It’s thus important to take a hard look at your security culture and determine just how much you want to make security measures a part of your workforce’s or user-base’s life. Just know that there is most likely an authentication solution in place to help you align your security solutions with methods that can take pressure off of individual users to manage their security, and put it in the hands of experts.

Authentication Solutions Are Becoming Highly Evolved

3. Prioritize trust.

Getting hacked in itself is a breach of trust. When you get hacked, you have failed to protect your customers’, employees’ or corporation’s secrets.

We can’t forget that all cyberattacks are malicious, but when’s the last time a hacker’s reputation was tarnished by a successful cyberattack? Brands and people are victimized by these attacks, and so is the trust that is necessary to even get access to such valuable information in the first place.

We are closer than ever with our customers. This closeness through enablement is what drives the need for security that goes beyond infrastructure and taps into why your customer’s trust your business. Every point of contact with your business is a chance to reinforce what makes your business great.

Speak to a Trust Expert

1 - https://www.technologyreview.com/s/609539/uber-paid-off-hackers-to-hide-massive-data-breach/

2 - https://www.technologyreview.com/s/609539/uber-paid-off-hackers-to-hide-massive-data-breach/ 

Stephen Demone

Stephen Demone
Stephen Demone is a Content Developer at Entrust Datacard where he specializes in digital certificate technology. An avid storyteller, Stephen has applied his love of writing to developing content that teaches, informs and sometimes challenges convention. Stephen graduated from the University of Ottawa Telfer School of Management  in 2009 and joined the Entrust Certificate Services division shortly thereafter.