There have been hacks at some very high-profile companies that made front-page news recently. Though each hack is different, there are common best practices to learn from them.
1. Suggest that your users provide a unique password
Users should have a random and different password for each site they use. The problem with a stolen password is that frequently the user has reused the same password across several accounts.
2. Leverage your user’s phone as a second factor
If two-step verification is set up, then a compromised password alone would not be enough, because the hacker would need to know the password and have physical possession of the authentication device – in most cases the end user's phone.
3. Verify users when they exhibit unusual behavior
During sign-in, users can establish their phone as a trusted device. When the user logs in from a new device, engages in unusual behavior, or shows behavior that matches known patterns of fraudulent activity, a second authentication step should be triggered.
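The step-up check described in items 2 and 3, as an added example that is not part of the original post: a small risk policy decides when a login must be challenged, and the challenge is verified against a phone-generated TOTP code (RFC 6238). The account fields, thresholds and the `needs_step_up` policy are assumptions for illustration.

```python
"""Added example (not from the original post): risk-based step-up
authentication with TOTP verification of the phone as second factor."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field


@dataclass
class Account:
    # Hypothetical account state; real systems persist this server-side.
    trusted_devices: set = field(default_factory=set)   # device ids enrolled at sign-in
    usual_countries: set = field(default_factory=set)   # countries seen on past logins
    failed_logins_last_hour: int = 0
    totp_secret: bytes = b""


def needs_step_up(account: Account, device_id: str, country: str) -> bool:
    """Assumed policy: challenge a new device, an unusual location, or a
    burst of failed logins (a pattern typical of credential-stuffing)."""
    if device_id not in account.trusted_devices:
        return True
    if country not in account.usual_countries:
        return True
    if account.failed_logins_last_hour >= 5:
        return True
    return False


def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, dynamically truncated."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, t: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate clock
    drift between server and phone; compare in constant time."""
    return any(hmac.compare_digest(totp(secret, t + k * 30), code)
               for k in range(-window, window + 1))
```

The TOTP values can be checked against the RFC 6238 test vectors (secret `12345678901234567890`, time 59 gives code 287082 at six digits).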
4. Collect a phone number for important alerts
Attaching a verifiable phone number to an account enables you to streamline password resets and to communicate securely with your user base if there is ever a system-wide data breach.
5. Communicate, communicate, communicate
Companies that have been hacked need to quickly tell users that a breach occurred, how it occurred, and what the user needs to do.

Be transparent about what data was compromised and what you are doing to fix the problem. Give your users peace of mind by explaining how you protect their password, credit card information, and other important details.
Just as companies buy insurance to cover fire or flood loss related to their buildings, organizations have to insure their most valuable asset: their data. And the best way to protect data is to follow best practices and learn from the companies that have been hacked.