Don't Let Your Business Have an Epsilon Breach

By now, if you’ve not received a notice from at least one of your credit card companies telling you that your email address may have fallen into the nefarious hands of hackers because of the data breach at Epsilon, it means one of three things:

  • You carry no credit cards
  • You’re incredibly lucky
  • You should immediately run out and buy a winning lottery ticket, because you’re unbelievably lucky

Emails are being sent out from any number of firms that used Epsilon to send out email on their behalf, such as Best Buy, Walgreens, Hilton, Barclays, Citibank, JP Morgan Chase, Lacoste, Marriott and others.  Articles are popping up all over about how similar attacks can hit your smartphone, power plant control systems, and more.  

Investigations are under way to determine how Epsilon’s systems were breached and how the hackers gained access to a treasure trove of names and email addresses.  My guess is that when they’re done, they’ll find out that somewhere, someone accidentally gave out some key information that allowed the bad guys to tunnel in—a password here, other key information there.

It’s time to remind ourselves that as strong, secure and protected as our networks may be, we still need to maintain constant vigilance on our own behavior if that information is going to stay safe.  Larry Walsh at Channelnomics.com, came up with a list of common sense tips to keep us from falling prey:

  • Never click on a shortened URL from an unknown source.
  • Never open unsolicited email attachments – especially if they come from an unknown third-party.
  • Always check the domain of strange URLs. Companies like PayPal do not use accounts such as “NoPayPal” as an account notification system.
  • Never use aliases for internal communications; give employees the ability to verify sensitive communications.
  • Rotate passwords at least every 30 days.
  • Encrypt databases—a hacker can’t use information if he can’t read it.
  • Never answer emails from companies you don’t have a relationship with.
  • Match billing information with purchase orders and invoices. Even business documents need multifactor authentication.
  • Clean up Facebook pages of personal information. Social network profiles are treasure-troves of data that can lead to phishing attacks.
  • Remind everyone that there’s little chance that they have a distant relative who served as a diplomat in Nigeria.

We’re proud that at Windstream, our managed network security solution offers state-of-the-art protection, providing the highest level of security available.  But episodes like Epsilon serve as a reminder that we have to keep a constant watch on our own actions, lest we inadvertently serve up fodder for another attack.