2. Never Use the Same Password on Multiple Websites
The same passwords shouldn’t be used on multiple sites. Engaging in such an activity is almost as bad as having no password at all. In its May 21 letter to users, eBay urged customers to change all passwords across all the sites they use, and to never use the same password for two different services. Having unique passwords for every site might take more effort to manage, but it’s a necessity in today’s insecure world.
3. Don’t Trust Any Company
No company can be trusted. Although there was a thought at one time that smaller firms were most likely to be affected by security breaches, now it’s clear that even the biggest companies in the world can get hit with major hacks. Therefore, it’s incumbent upon users never to trust a company with their data.
4. Expect to Be Hacked
It’s sad to say, but today’s Web users should expect to have their information stolen at some point in their lives. Considering hackers have been able to break into government data centers, retailer servers and, now, eBay, among many, many others, it’s practically impossible for anyone to be safe from being hacked, no matter what they do.
5. Financial Information Tough to Grab
6. Companies Aren’t Learning From Issues
At what point will companies start to learn from the hacks that have affected so many other firms? It seems that there’s a sense in the security community that just because one company was hacked, it won’t happen to another. It’s a false sense of security and it’s causing breaches that are wreaking havoc on companies across the globe.
7. The Enterprise Is Not Doing Enough
For enterprise IT decision-makers, all this news of data being hacked should be a wake-up call: You’re not doing enough. While many IT decision-makers might believe that their corporate data is secure and they have nothing to fear, it’s becoming increasingly apparent that believing that is a mistake. Assume you’re not doing enough with security, IT professionals, and maybe you’ll just get lucky and not get hacked.
8. Hackers Are Winning
The malicious hackers targeting companies around the globe are winning. And it’s about time someone said so. For too long, the security community has pretended that it can keep pace with malicious hackers. The truth is that it can’t, and it won’t, until it realizes that the hackers are better at what they do. We’ll never be safe as long as the malicious hackers are outpacing those folks who are supposed to be protecting us.
9. Companies Don’t See the Attacks Coming
It’s shocking to see that so few companies see attacks coming. Despite all the concerns with security and data breaches, firms aren’t doing things as simple as monitoring database access or server queries. This is basic security that companies aren’t doing because, first, they don’t spend enough money on it or, second, they don’t have the time to care. Following basic security policies might have stopped the eBay attack from happening.
10. They Don’t React Swiftly to Them
To make matters worse, once a flaw is exploited, companies are literally taking months to react. In fact, eBay admitted that the attacks occurred in late February and early March. Yet the company didn’t discover them until two weeks ago, and it took an additional two weeks for the company to inform the public. That’s embarrassing, and eBay has some serious explaining to do.
11. Answers Aren’t Solutions
The truth is that eBay’s response to its data breach—change passwords and don’t worry about your financial information—hardly inspires confidence. The same might be said for Target, which could only offer apologies and credit monitoring. The answers the affected companies are providing aren’t solutions; they’re Band-Aids. At what point will we all realize that the affected companies should be providing us with real solutions to the problems we face—and not simply handouts to make it all go away?