The Marriott/Starwood breach should make us all stop and think about our security practices, both professionally and personally.
This breach impacted 500 million guests and lasted four years. That bears repeating: 500 million people over four years! This is the second biggest corporate data breach in history and very likely affected you or someone you know.
No one wants to end up in the situation of Marriott (or their guests), so here are a few easy ways to change the culture of awareness in your organization – right now.
We should all assume that we are compromised, always. Our email addresses, personal information, and other key attributes are out there. So safeguard your data and stay cautious.
You probably look both ways instinctively before crossing a busy street. Do the same online: always double check the sender address or web link before you click.
Someone calls and asks questions you aren’t expecting? Don’t engage. Politely verify the company they are with and any identifying information they have on the issue, such as a ticket or account number. Then hang up and call back on the official number. For a credit card, call the number on the back of your card. For a bank, call the customer support number on the card or website. For a vendor at work, ask your known point of contact for an official number or email address.
Spread the Knowledge
Use the Marriott breach headlines to remind your company that protecting our data and safeguarding ourselves is a mission-critical job.
What’s your company’s policy on suspicious phishing, email, text/social messages, or phone calls? Not sure? Ask. Have an email box or phone number to call? Try it out. Are you a team leader? Bring this up in your next team meeting. Everyone needs a reminder, and now is a good time to start the conversation.
If someone asks about the potential impact of the Marriott breach on their personal information, send them to the official page at https://answers.kroll.com/. What can they do right now? Anyone who might have reused a Starwood password, or a similar one, elsewhere should change it immediately and monitor all credit cards for suspicious activity. Passwords can get tricky and hard to remember. Try a password manager. Once you adjust your behaviors a little, password managers are actually more convenient than remembering which child, dog, vacation, or season you last based your password on, or resetting it. Go here for some recommendations.
Didn’t get caught up in GDPR this year? That might have seemed like a win at the time. Big projects take resources. But don’t wait for a regulation to think about the client data your company collects.
The best brands of the future will be thought of as secure and trusted. Be smart about the data you collect, how you store it, who has access to it, and how you update your clients on your policies and safeguards. This is not just the job of the CISO. It is the mission of the company. If you are in a position to have this conversation with your CEO, do it. If you are the CEO, use protecting your clients as a differentiator. Today they will thank you for it. Tomorrow they will expect it.
Drive Cultural Awareness
Helping your employees stay ahead of phishing and malicious attacks not only protects the company, it also protects the person.
Building a team that focuses on ongoing education around security, privacy, compliance, and general awareness makes everyone safer. It might prevent a massive breach at work. It could save an employee from falling victim to a personal attack (one that could cause them to miss work or be distracted).
Despite decades of escalating focus on security technologies to prevent, detect, and respond to attacks, we continue to see businesses and individuals fall victim to easily preventable attacks. Invest in educating your people. It will pay dividends for you and for them.
Check out our free resources page for ways to create or improve an awareness program for your organization. MediaPRO provides everything you need to plan, build, and run your security awareness program.