Joining the ranks of Equifax, Marriott, and Target, Capital One is the latest company exposed by a large data breach. More than 106 million people were affected, and several more companies may have been exposed as well. This breach appears to be different from others because the hacker’s motive is unknown. Regardless of the motive, the relative ease and openness of the attack are extremely concerning.
As companies come to rely on huge amounts of data and more advanced technology, they also need to be aware of the risks. Keeping that data secure from bad actors is important to avoid fines, protect customers, and save your bottom line.
Here are three lessons your company can learn from the Capital One breach:
1. Don’t assume the cloud is secure.
Many companies rely on cloud hosting. In fact, hosting data in the cloud is supposed to be the most secure way to keep your company’s information safe. However, this breach shows that the cloud is not infallible. It appears that the hacker exploited a vulnerability in Capital One’s data security process.
Though the alleged suspect has been taken into custody, it appears that she also has information from several other companies. As this story continues to develop, many more people and businesses may turn out to be affected. If you use cloud hosting, it’s important to make sure that you have the best security systems in place.
2. Keep your data clean.
A lawsuit has already been filed against Capital One for this breach. One of the claims in the lawsuit questions why some of the leaked data was kept even after it was no longer needed, as well as why this data was not properly secured if it was being retained.
In general, you should only be holding data that is strictly necessary for your business. Regularly scrubbing your data stores to remove unnecessary information can help you avoid major issues. Consider how you will use the data and whether it serves a specific purpose. If not, it should be deleted. Any information you do keep should be protected by strong security measures.
3. Don’t mess up your response.
While breaches can be problematic for companies in many ways, failing to respond correctly can be especially dire and cause lasting damage to your brand. Capital One had a well-thought-out response; however, it came a full ten days after they found out about the breach. By not notifying the public immediately, they opened themselves up to criticism, especially from consumers who learned of the breach through news about the suspected hacker’s arrest instead of through Capital One’s official statement.
If a breach does occur, you want to quickly construct a PR plan to control the narrative and limit the damage. Make sure you explain what happened, how you are fixing the problem, and who was potentially affected. By being transparent and quick with your response, you can limit the public fallout.