Every day, we hear about another big data breach. Last year, Yahoo! revealed that 500 million user accounts had been breached. eBay had 145 million accounts compromised. The numbers are getting so big, we’re numb to them.
In some cases, sensitive data was leaked. In others, millions of emails are getting a new flood of spam.
If Yahoo!, the White House, eBay, Anthem, OPM and NATO can get hacked, how can organizations like yours stand a chance and secure your members’ data?
Here at Matrix Group, we believe that every organization needs layers of security so that if one layer (e.g., a firewall) is breached, there is another and another.
But here’s one simple thing you can do to make your database more secure: make sure your user passwords are encrypted.
Why do this? If a server has been compromised, aren’t the individual passwords the least of our worries? Not really.
It turns out most people reuse passwords. Which means if one of my passwords gets hacked AND the password is not encrypted, hackers can try my username and password combination on other sites, including online banking and eCommerce sites.
I hear from clients who say they get many customer service calls from members who forget their passwords. They want to be able to view a member’s password so they can provide good customer care. While I understand this, I don’t think helping out a few hundred members a year is worth the risk to the other tens of thousands. Any database worth its salt has a password reset, which you can easily send to members.
If the passwords in your membership database are not encrypted, please, please ask your vendor to do so ASAP. Don’t wait. Don’t hesitate. Do it now!