Client login EN | FR
← All articles

August 5, 2019

The Capital One Breach – How to Protect Your Business

Two false assumptions most Quebec business owners hold when it comes to security: – Believing we are not big enough to be attacked. – Believing our data is worthless. -> Zero risk does not exist. We have all told ourselves that it only happens to others. Or rather, we hope it never happens to us. …

Two false assumptions most Quebec business owners hold when it comes to security:

  • Believing we are not big enough to be attacked.
  • Believing our data is worthless.

*-> Zero risk does not exist.*

We have all told ourselves that it only happens to others. Or rather, we hope it never happens to us. First it was Equifax a few years ago, then Desjardins, and now Capital One. All told, more than 8 million accounts have been stolen. If you have not been affected by at least one of these, go buy a lottery ticket right away.

How it happened

In Capital One's case, it all started with the decision to store their data in Amazon's cloud infrastructure *(AWS)*. In itself, that is an excellent business decision. The mistake was rather to think it was a "bulletproof" solution. In fact, a misconfiguration of the infrastructure allowed the hacker to access the stolen data fairly easily. These types of IT solutions offered to businesses are far more accessible today than they used to be. That said, make sure they first meet a genuine need and that they are configured optimally for your company. After all, it is your reputation that is on the line.

Is there a risk for businesses?

Because of their size and operations, businesses often lack the budget and expertise that larger companies have to protect themselves. Yet 80% of business owners believe they are safe precisely because they are much smaller. Think again. That is exactly what an IT manager at a business based here in Montreal told me before losing all of the company's data to a team of hackers. The ransom to pay: more than $1 million. If you are not impressed by the numbers, here are some more: 54% of fraudulent emails and roughly two-thirds of attacks target businesses rather than large enterprises. Still not convinced? Here is a link to an article titled * «Comment une cyberattaque devient un cauchemar pour une Startup montréalaise» *. No, it is not the same company I mentioned earlier, but yet another…

How to protect your business

Protecting yourself does not have to be expensive. 5 easy steps:

  • Train employees on the risks of cyberattacks and how to prevent them
  • Strengthen your passwords. It is explained * here in our article. *
  • Do. Your. Updates. Again, * explained here *.
  • Put a good antivirus in place.
  • Backups, backups AND… tests! Taking regular backups is good, but make sure you also test them. When disaster strikes, that is not the moment to find out whether your backups actually work…

*(psst, if you do not know where to start, here is a guide we put together)*

Sources:

Les Affaires – Alain Mckenna – Capital One, Desjardins, Equifax: on sait déjà qu'il y en aura d'autres ,

Les Affaires – Daniel Germain – Vol de données: maintenant, des clients Costco! ,

Radio Canada – Janic Tremblay – Les PME québécoises trop vulnérables aux cyberattaques ,

Streamscan.ai – Comment une cyberattaque devient un cauchemar pour une Startup montréalaise ,

Times of India – Capital One shares drop on questions over hack ,

InfoSecurity Magazine – Five Reasons Hackers are Targeting SMEs ,

TruShield Insurance – Cyber attacks on small businesses continue to rise: Are you protected? ,

The Telegraph – What every SME needs to know about hackers and cyber-security

Photo credit: National Post

An IT project or a question?

Talk to an MMO Techno expert — clear answers, no jargon.

Contact us