Fifty million users should pay close attention to data loss prevention
In one of the most extensive hacking events in recent years, an estimated 50 million individuals are being urged to reset their passwords on the Evernote service. The cloud-based Evernote platform is popular with a variety of end users ranging from college students to small- and medium-sized businesses, providing them with a way to keep track of disparate types of data across many types of platforms. Early this weekend, the Evernote company emailed its millions of users to reveal that the service had been compromised and that user names and passwords might be out in the open. As a result, Evernote has implemented a reset requiring all users to access the site and change their passwords.
One of the Largest Security Breaches
The security notice emanating from Evernote revealed only basic information about the breach, saying in part: “Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.”
The problem could potentially affect millions of business users, many of whom find Evernote’s automatic syncing of notes and productivity features indispensable. The intrusion, however, demonstrates how important it can be for companies to develop and enforce robust policies regarding computer protection. Such policies can minimize the damage caused by breaches that are outside the SMG’s control. For example, it should be a companywide standard that passwords on cloud-based services such as Evernote not show similarity with the passwords used on email accounts associated with such services.
When such passwords are identical or similar enough to make guessability an issue, SMBs may find that company email accounts become casualties of a hacker gaining access to an associated service. Since business email messages can potentially include private information such as a client’s purchase history or even a credit card number, this can lead to serious data security problems.
Time to do a Free System Security Audit
As history continues to tell us, most computer problems that turn into extended downtime and data loss could have been prevented. Unfortunately, most people don’t realize that there were problems brewing until it’s too late, and then it’s an emergency that threatens your business. Our 27 point problem prevention network audit will let you know where you stand.
Source:
http://www.networkworld.com/community/node/82568
