If you used Acer’s online store to purchase a device between May 12, 2015 and April 28, 2016, we have some bad news for you: There’s a chance you received a letter from Acer informing you that your card’s credentials were stolen.
If you have not received any letter, congratulations - you may have avoided being one of the 34,500 customers whose information was stolen. This information included the name and address of the cardholder, the card number itself, as well as the expiration date and security code for the card - in short, everything an identity thief would need to make fraudulent purchases on your dime. Fortunately, the social security numbers of the victims were left untouched by the theft. The affected customers are limited to the United States, Canada, and Puerto Rico. As an added precaution, any in-store customers would be wise to check on their account information, to be sure that they were not also involved.
Acer has remained mum as to the cause of the breach, quite possibly because many breaches of this nature occur when someone on the inside - usually an employee - falls victim to a malicious email.
While Acer is an obvious target, due to their relatively large customer base, that does not mean that your company is safe from such breaches. In the current online environment, there are dangers lurking in seemingly innocuous places. The best defense is to ensure that both your company and your employees have a comprehensive working knowledge of the threats that plague businesses, and of the best practices that will help you avoid them.
These best practices include:
- Using judgment when opening email: Very likely the cause of Acer’s troubles, an employee naively opening an email can lead to catastrophic consequences for your business. Phishing, a favorite method of infiltration, sends malicious links to email recipients in hopes that some will shortsightedly click on the link and subject their computer (or entire system) to whatever attack was set in place. To avoid this problem, emphasize the importance of examining every email with a critical eye before clicking through to anything.
- Emphasizing security: While many aren’t likely to admit it, overly simple passwords are used shockingly often despite the overwhelming danger in using them. Discourage your employees from using words like “password” as a password, or (if possible) block such words as an option entirely. You should also reinforce the importance of never sharing a password with anyone, and of not reusing it across different accounts. Set a schedule to have employees change their password after a given period of use.
It’s very possible that Acer is facing the troubles they are because they failed to enforce similar policies with their employees. Take their example as a cautionary tale and implement practices such as these to preserve your security.
For more help in keeping your data protected, reach out to Evolve IT. We can help you implement the practices and procedures to keep your critical data protected.