The more things change, the more they stay the same. This is a story we hear repeated far too often in the press. A company, or in this case, a non-profit, seemed to believe itself to be immune from hacking because it’s performing a worthy mission. Under the misguided belief that nobody would hack them because they’re doing a good deed, their security was minimal, and they got hit.
No One Is Immune
It is true that there’s a certain class of hacker who wouldn’t bother with a company that had no real protection. They wouldn’t bother because there’s no challenge in it. Sadly, this does not describe all hackers. There are plenty of the other sort who will hit a company just because they can, as the folks at Goodwill recently learned.
Every company has enemies. Every company is vulnerable on some level. It’s naive to think otherwise, and yet, we see that attitude in the market every single day.
In this particular instance, the individual consumers did not help themselves at all. Many of the accounts compromised were compromised by simple reuse. In other words, because individual consumers tend to reuse the same password for multiple accounts, once a hacker breaks into one account that they own, the rest of their accounts become easy pickings.
Here then, we’ve got two core issues in play. Individually, either of these issues are bad news, both for agencies (for profit or otherwise) and for the individuals who use those agencies. Taken together, however, they are just simply ruinous.
Companies that exist in a state of denial and who cannot or will not take basic steps to protect themselves set themselves up to be easy pickings for even moderately talented hackers. Consumers who use those unprotected or under protected agencies and recycle the same passwords from one account to the next open themselves up to tremendous personal and financial exposure and potential loss.
There Is No Magic Answer
There is no one thing that can provide bullet-proof protection, but there are a number of fairly obvious, straightforward strategies you can employ to protect yourself. From the agency perspective, even if you have no budget for security, there are free software solutions that provide at least reasonably good protection against hacking. Even a cheap lock on your door is better than no lock at all.
From the perspective of the consumer, the first and best thing you can do for yourself to minimize risk would be to use a different password for every account you’ve got.
The reason there are so many successful hacking attacks year in and year out is the simple fact that people assume it can never happen to them. That’s a very dangerous assumption, and it leads to all manner of bad behavior that seems almost designed to maximize the pain inflicted when it inevitably does happen to them. Much of this is avoidable. We are often our own worst enemies, making our own crises woven from the fabric of a false sense of security, then we wonder how and where it all went wrong.