Hi all, this is Naomi Burgess, and I’m here to talk about the recent hack of the Ashley Madison site and to tell you about why it should be a cause for concern for your business.
What is Ashley Madison?
To give you a brief overview, Ashley Madison is a dating website for married people that was hacked back in July 2015. To this day, many of its users don’t know what’s going to happen to this personal data, and the company itself is facing quite a few problems. Unfortunately, this cyber heist could very well be the start of a new era of cyber attacks that might affect your business, too.
Failure in Security
For starters, all clients value their privacy and if they realise, as a result of the Ashley Madison hack, that their personal data that they send over to you could be compromised, they would hesitate to engage in business with you if it means that you’d have their details. This could be a very big issue, particularly if you’re an e-commerce industry player – most of your business is done online and all your transactions are paid for by non-contact payments. Can you imagine the implications of an Ashley Madison-scale cyber attack on servers like PayPal or SagePay? You could very well lose many customers that way!
Be careful who you send out your bank info’s
You’re not guaranteed customer retention if your customers pay by direct bank transfers, either. Nowadays most of the banking is done via the Internet, and there are heaps of data stored on the banks’ servers. The Ashley Madison hackers have already leaked quite a lot of personal data and it’s likely that they’ll leak even more. No customer wants the whole World Wide Web to know their bank details!
Online Attacks can do harm on both relationship and business
Ashley Madison hacks are very telling in another way as well – the site is targeted at people who want to engage in extramarital affairs, and is believed to be hacked for the purpose of “exposure” of its users. This tells us that there could be attacks on businesses that produce products that contradict certain hackers’ moral views. Unfortunately, this opens a whole new realm of possibilities. If, for example, you’re in business of manufacturing sex toys, or corporate initiatives that “aren’t green/sustainable enough”, the Ashley Madison situation could have particular implications for you. There would always be people who don’t agree with what you do, and you likely have customers who value their privacy, so the hack could set a precedent that would mean all kinds of negative and disruptive implications for you. Ashley Madison hackers, as I said earlier in the post, have released the data relating to certain users and are now threatening to release more. Obviously a hack like this would bring a lot of distress to your clients, and they would almost certainly want compensation, which would lead to you incurring additional costs. It goes without saying that, while certain types of businesses are already under scrutiny from the public eye (see my example about sex toys), hacks on this scale would damage their reputation even more. Can you really afford to do that?
Cyber attack can turn your company down
Even if the business you’re involved in is unlikely to cause people to raise their eyebrows, you could still be affected by a cyber attack. The causes of the Ashley Madison heist are yet unknown, but it’s likely that those behind it have a lot of skill and little concern for others. They might be motivated by their morality, but I highly doubt that there is no financial incentive involved. If you run a large business like Ashley Madison (the website had over 35 million clients at the time of the attack), you might face ransom demands in exchange for the customer data never going public, which would mean a lot of incurred costs, as well as loss of goodwill – even if their data never goes public, your clients would be unlikely to ever want to buy from you again, after such a distressing event. Even if you run a small company – or even if you’re a sole trader – you would still incur losses from a cyber attack. For example, they might want professional access your company has to a big client, or supplier, or information on an individual who works for you. Or even you! You might also face blackmail, like Ashley Madison.
Keep your Data’s Protected
The Ashley Madison hack clearly shows that it’s possible to not only steal client data, but that company data isn’t safe either. All businesses have confidential information they want to protect, and if it’s that easy to steal, certain measures would have to be taken as soon as possible. Try to keep hard copies of your sensitive information and make sure that the access to it is granted in accordance with the rules in place. If your business doesn’t yet have a confidential information access policy, make sure to draft one as soon as you can – one of the attackers on Ashley Madison could’ve been a former employee.
Hackers can be Internal partners so watch out
I said earlier that hackers could also be after personal data of your employees or even your own. HR departments usually have quite a lot of personal data on file, and today, a lot of it is kept on a company server. In addition, most companies today use social media to do background checks on prospective candidates and to connect with customers. Hackers could also attack your company to obtain access to your social media accounts and use them for what are likely to be fraudulent purposes.
Hire reliable IT’s
Based on what I’ve told you, it’s clear that certain kinds of measures have to be implemented, following the Ashley Madison cyber attack. However, in order to do so, we would need to know more about how it had happened. For now, what you can do is issue confidential information policy if you haven’t already done so, carry out some cyber security training sessions within your company, and schedule regular security checks of your IT systems. You might also want to make sure that your servers where you keep the client data are as secure as possible. Perhaps you could look into hiring IT staff that have experience dealing with hackers. The last point particularly applies to those of you who might be involved in “unorthodox” businesses (see my example of sex toys).