How to Protect Customer Data from Cyber Criminals


Learn from Adobe’s Mistakes

If you lead a technology company, the idea of hackers compromising sensitive customer data or intellectual property is among your worst nightmares. With the news of Adobe System’s massive data breach seemingly growing worse by the day, data security has likely been on your mind even more than usual.

Adobe’s recent loss of more than 150 million passwords may go down as one of the largest data breaches on record. The company first reported last month that it had lost records containing credit card numbers of 2.8 million users. The situation quickly escalated when as many as 150 million Adobe usernames and passwords were posted to an anonymous bulletin board frequented by hackers. Adobe has confirmed that at least 38 million active user accounts were affected by the breach and says many of the other passwords and usernames posted are no longer active.

However, even if many of the passwords are now invalid as the software company claims, the real danger is not in cyber criminals accessing customer’s Adobe accounts, but rather in them using customer data to figure out password naming conventions, which would potentially enable them to access even more sensitive information, like bank accounts.

Perhaps even more concerning for Adobe, it appears hackers also stole some of the Adobe Photoshop source code, which could end up in the hands of competitors and/or lead to an increase in software piracy.

So if one of the largest software companies in the world was vulnerable to a massive data breach, how can you protect your customer’s data from cyber attacks?

Here are some steps you can take to prevent hackers from accessing your data.

Perform a risk assessment to:

  • Identify critical data with threats and vulnerabilities to help you define the risk and determine if the risk is being mitigated in the most cost-effective way
  • Align safeguards against the threats

Know your network:

  • Create and update your network diagram
  • Identify servers and disable unnecessary services and ports
  • Patch your servers
  • Monitor outbound traffic
  • Implement strong configuration and change management procedures
  • Segment your network based on risk

Take proper precautions to prevent hackers from accessing your technology company’s valuable intellectual property and sensitive customer data. Not knowing where your weakest link is can affect your bottom-line and disrupt your business’ operations. You don’t want your worst nightmare to come true.

Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.

Leave a Reply

Your email address will not be published. Required fields are marked *

We respect your personal information. Please review our Privacy Policy for more details.