How NOT to manage a security breach crisis

adobe_logo1We’re often given the opportunity to learn about crisis management through the highly visible fallout from the experiences of others. Important lessons can be learned when looking at how a company successfully, or unsuccessfully, responds to a hard-hitting crisis. Everyone makes mistakes and learning from others makes us better prepared to manage a similar scenario ourselves.

Adobe hack

Adobe’s database of over 150 million users was hacked in October 2013, resulting in email addresses, passwords and credit card information being stolen. The identity thieves know which programs specific users have, making it even easier to engage in phishing to get people to download malware disguised as updates. The situation illustrates the growing problem with identity theft and how ordinary people are often the real targets of hackers who target big companies. What is more shocking is the way Adobe reacted.

How did they react?

Adobe first reported the data breach of approximately 3 million customers however this number was then raised to 38 million. The situation then took a turn for the worse when an outside company found the data of 152 million Adobe customers on a site frequented by cyber-criminals.

While Abobe may have needed privacy and secrecy with a breach of this size, responses through snail mail and email were slow. Emails sent to customers warned that data might, or might not, have been compromised and many customers received no communication at all. Even now, three months later, there is no notice of the incident on any of Adobe’s login pages.

Shocking statements emerged such as “Much of what we’re learning about the breach has come from independent researchers not affiliated with Adobe.”

It’s possible that Adobe has limited knowledge about what happened, but the silence after this attack was somewhat shocking to many users and should have been handled with more care by Adobe.

Buffer Hack: A Guide to Successful Crisis Management


Buffer-logoWith social media comes a whole new set of rules for your organisation’s crisis communications and crisis management. We’re often given opportunities to learn about social media crisis management through the highly visible fallout from the experiences of others. Buffer, the social sharing platform was hacked in October 2013. Although this wasn’t a positive experience for them, because of their successful crisis management strategy, things actually turned out ok in the end. So where did Buffer go right and what can we learn from them?

Communication is key

Buffer communicated with the media, their customers and their social audience from the get go. They successfully created a social buzz which was largely positive across their channels. Customers praised the company for their transparency and timely communications and voiced their support. Buffer reps were tweeting in response to each and every mention they received at the peak of their crisis. Staff were communicating across their blog, Twitter, Facebook and through the media, to ensure customers were fully informed. They weren’t scared to get ahead of the story, making sure that their customers heard the details of the situation from them, before they heard it from any other source.

Effective Team Management

Buffer managed their team, processes and partners effectively to reduce the impact of the interruption and they even reinforced their core values to customers while doing so. Genius. Teamwork was key. As the hack occurred on a Saturday afternoon, staff were not in the office so they worked from home, connecting with Google Hangouts. They worked together to manage Twitter, emails, and blogs post comments, keeping the user front of mind giving them real time updates and answering any questions. They expressed true concern, care and sincerity – and were completely human.

Continued Post-hack Communication

Buffer continued to be informative by providing their users with step-by-step information for reactivating their accounts. Once the situation was resolved, they heightened their security measures so as to protect the situation from happening again and they restated and reassured that they had taken the situation seriously by declaring that new security measures had been put into place. Most importantly, they welcomed feedback from users, making their crisis communications a two way process, the best way to learn and adapt.

Buffer focused on communicating efficiently throughout the crisis, keeping their users updated and reassured and, as a result, their users trust and feel connected to the brand in a more positive way than they did before the hacking occurred. Every organisation can learn from Buffer and the way they chose to handle this, potentially disastrous, crisis situation. A strong brand culture, team empowerment and an open and honest, two way communication process is essential.

Keep yourself secure online: download Strong Pass now

Target Security Breach: 7 Ways to Protect Yourself


140113121845-target-shopperss-hack-620xaThe huge security breach that has affected Target recently appears to have been part of a broader and highly sophisticated scam that potentially affected a large number of retailers. It has now been confirmed that the attack that occurred last month has affected 40 million credit and debit card accounts and led to data theft including names and email addresses of as many as 70 million innocent customers. 

Is it just a matter of time before our personal information is compromised? While many shoppers have been left feeling angry and helpless, there are some steps consumers can take to protect themselves against fraud and identity theft. After all, the best solution to a problem is prevention. Before we begin it’s important to remember that retailers are not legally required to offer credit protection services to customers and we are all responsible for continued monitoring of our credit card and bank accounts. We must continue being vigilant in recognising fraudulent emails or phone calls from people claiming to represent retailers or banks.

So, how can you protect yourself in future? Use cash instead? No. Cash can be lost or stolen with little or no recourse. Credit cards offer better protection to the card holder especially when they are used without authority, a much safer option. Here are some top tips on how to protect yourself while still using plastic.

1. Be vigilant – check your credit and debit card statements regularly and report any unusual charges, even if it’s only small. Sometimes thieves place a small charge to check if the card is active.

2. If you notice an unauthorised charge, especially if it’s a debit card, ask your provider to cancel your current card immediately and issue you a new one.

3. Consider various options for monitoring your credit profile and credit card activity. Target offers a credit-monitoring service for customers, as do other retailers.

4. Be cautious of any correspondence claiming to be from your bank or the retailer you shopped at and never give any sensitive information such as PIN numbers. Double check the URL in the correspondence you have received. If you are suspicious, report it.

5. When there has been theft of personal data, thieves will often use ‘phishing’ to convince you to part with even more personal data such as passwords. This is not only done on the phone or over email, but also social media sites such as Twitter so be warned. If you use the same password for your online banking as you do for your social media accounts then change them, you can never be too careful.

6. Too many people have simple passwords for their accounts. If this includes you, make sure you change it. If you can’t think of one, use a password generator or add some capital letters to numbers to your current password to make it stronger.

7. Shred your documents – while online fraud and data theft is growing, it’s important not to forget about correctly storing and disposing your physical documents too.

Some believe that using cash is the only solution. This is not the case. Consumers need to be aware that data security is down to their own vigilance, and they should not solely rely on their bank or financial provider to protect their information. Attacks are inevitable and will continue to happen so it’s important to be prepared and protect yourself.

Use Google Chrome To Give Unrestricted Access To Your Passwords

12 Authomate Blog 12 - ImageThere have now been dozens of reports about a serious flaw in the security of Google’s Chrome browser, so we felt it was important to make you aware of this issue.  

Google Chrome allows anyone with access to a user’s computer see all their passwords stored for email, social media and other sites directly from the settings panel. And even more worrying, no password is needed to view them!

To see the passwords, all you have to do is click on the settings icon, choose ‘show advanced settings’ and then ‘manage saved passwords’ in the ‘passwords and forms’ section. A list of hidden passwords is then revealed, but clicking beside them reveals the actual text of the password free to copy or send via screenshot, compromising all of your accounts in one easy step.

Unfortunately, Google are aware of the weakness and have no plans to change this – a problem other browsers, like Firefox, once had, and fixed. So what can you do to avoid this major flaw in your internet security?

For one, maybe it’s time to change to a new browser.

Make sure you delete any saved passwords from your browser (you can access this through your browser settings in Chrome), don’t allow this saving function and regularly revisit to make sure you’re not compromised.

And protect yourself in future by using a secure password manager, like Strong Pass. If you would like to have the peace of mind that Strong Pass offers, download the app now and take your security into your own hands.

2 Million Passwords Hacked: Only 22 Percent Were Strong

Password security analysis of the 2m compromised accounts, from SpiderLabs, a division of Trustwave.

Password security analysis of the 2m compromised accounts, from SpiderLabs, a division of Trustwave.

A massive Pony malware bonnet successfully stole 2 million passwords from users of popular online accounts like Facebook, Google, Yahoo, Twitter and LinkedIn.

This automated hack which has been going on for the past month was unearthed by web security firm Trustwave, the media is reporting. Abby Ross, a spokesperson for Trustwave went into more detail about the hack with Mashable: “Individual users had the malware installed on their machines and had their passwords stolen. Pony steals passwords that are stored on the infected users’ computers, as well as by capturing them when they are used to log into web services.”

It is widely believed a criminal cyber gang was responsible. Two of the website where passwords were stolen were popular Russian social networks, vk.com and odnoklassniki.ru, and the data cache that was uncovered was written in Russian.

There are numerous potential financial repercussions. If any of the passwords of the users are the same as the login details of online banking, store or credit card accounts then it gives a cyber gang access to peoples finances. Rather disturbingly, payroll service provider adp.com (Automatic Data Processing, Inc. – ADP) was number 9 on the list of top domains, which moves $1.4 trillion around in payroll and other transactions every year.

Equally shocking, if this random group of two million is indicative of the population as a whole, Trustwave uncovered a high percentage of poor quality passwords. Six percent were ranked as terrible, 28 percent merely bad, and 44 percent of medium strength. Only 22 percent (17% good and 5% excellent) could be classed as being strong.

Trustwave explained that, “In our analysis, passwords that use all four character types and are longer than 8 characters are considered “Excellent”, whereas passwords with four or less characters of only one type are considered “Terrible”. Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good.”

Facebook accounted for about 57% of the compromised accounts, followed by Yahoo (10%), Google (9%) and Twitter (3%). The geographic spread was worldwide, with no one country being targeted. The server which was found and taken over was located in the Netherlands, although it is believed that isn’t the country where the attack originated from.

All affected parties (both web companies and end users) have been contacted and password resets are taking place. Spokespersons for Facebook, Yahoo and others affected urge users to set strong passwords.

Attacks never stop coming. Protect yourself now, with Strong Pass.

Hack exposes 42m passwords – Worse part, they were kept in open

Cupid Media is an online dating site. Like many other such sites, young and old singles flock to it. Cupid Media operates over 30 niche dating websites based on ethnicity, religion and social preferences. In a recent hack, it exposed over 42 million passwords and other personal details. yeah, it happens. But wait, that is not the whole story. The worst part of the story is that Cupid Media had practically no security in place for protecting the privacy of its users. All User details, including passwords, usernames, and birthdays were kept in plain text. Yes! Plain text ! No encryption, Not even a simple hash. That is a shame.

Read more here.

The sad part is that no amount of creativity on your part in creating a strong password or using any password manager would have helped in this case. It is just a case of stupidity on the part of Cupid Media to have exposed all personal data of its users. It is a lesson for all of us. Whenever you sign-up for new sites, ask a lot of questions and find out what information is really needed by the site and how are they keeping that data. And once you are satisfied that the website is going to keep your data safe, user a reliable password manager (like Strong Pass) to manage your passwords and keep you protected online.

Android Users – Make sure you have the latest updates.

If you use Android smartphones with older versions of the Mobile OS, please make sure you have the latest updates. Older versions have serious security vulnerabilities that can leave your data exposed to identify theft. Stay Safe.

Android security Holes worry FBI and DHS