Uber is now facing significant public outcry after it was revealed that the company covered up a massive data breach for more than a year.
As the story goes, the company paid hackers $100,000 to delete the stolen information and remain quiet. Uber kept the incident quiet for more than a year which is a major affront to their customers.
What’s even more troubling is the prospect that this type of cover up could be happening on a much wider scale. Other companies may also be paying hackers under the table in order to end cyberattacks and avoid public scrutiny. To some people, it seems much easier to try and bury a cybersecurity incident than to go through the process of admitting a breach and cleaning it up properly.
This practice may not last for much longer.
Now, a group of U.S. senators are calling for jail time for any person that conceals a data breach. This week, the senators introduced legislation for a federal data breach notification law that will call for five years of prison time for anyone found guilty of doing so.
"Only stiffer enforcement and stringent penalties will make sure companies are properly and promptly notifying consumers when their data has been compromised," said local U.S. Senator Richard Blumenthal of Connecticut in a statement.
So as you can see, the rhetoric surrounding data breaches is now changing. Lawmakers — and customers — are getting tougher on cybercrime and are now starting to demand that companies be more accountable for their actions when managing sensitive data.
Take our advice: If your company does experience a data breach, do the right thing and own up to the problem. Notify your customers and law enforcement immediately, and consult a third party cybersecurity provider like Apex Technology Services to help you isolate and remove the threat from your network.
If you try and bury the incident, sooner or later it will come back to bite your organization.
Of course, it’s much easier to try and avoid a data breach in the first place. Apex can provide your company with the resources that it needs to protect its digital assets. These resources include employee cybersecurity training; real-time threat detection and mitigation; systems patching; data backups; mobile device management and more.
To learn more about how Apex can protect your organization from cybercrime, click here.
Here are some of the areas all organizations looking to promote a cybersecurity culture need to focus on.
1. Cybersecurity training must be done regularly.
2. Auditing and documentation must be performed regularly to ensure systems are secure.
3. Anomaly detection should be running constantly to detect threats as they emerge.
4. Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.
5. Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
6. An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.
To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.