Just as news of the massive Equifax data breach begins to die down, a new one pops up. And to everyone’s horror, the latest hack involves one of America’s most beloved food chains—Pizza Hut. Between October 1st and October 2nd, the restaurant’s website and mobile app were hacked, exposing the personal data of as many as 60,000 Pizza Hut customers. According to the franchise, the breached information could include customers’ names, email addresses, physical addresses, and even credit card information. Ordering a pizza online seems innocent enough…until you realize that it could potentially put your credit card, or even your personal data, at risk of a mobile app security breach.
So what does this latest hack teach us about information security? I think that there are a couple of key things at play here. First of all, as consumers we have to be aware that potential cyber threats are all around us. Recently, bigger corporations have been the ones getting hit—we all heard about Equifax and Forrester. Those breaches, while substantially more serious, also make more sense: hackers have a lot to gain from getting into a corporate system containing massive amounts of financial data. Where we don’t expect to get hacked is on a pizza delivery website we use all the time, and one where sharing our personal and financial information is merely secondary to our actual purpose for being on the site. But one of the most important aspects of security awareness is realizing that our personal data is first and foremost ours to protect: no matter how much we trust the company or the site, no matter how unlikely a breach may seem, they can and do happen…all the time. This can be hard to hear, especially because in order to function in a world that runs almost entirely on the web, we count on a certain measure of trust and reliability between consumer and provider. And for the most part, that trust is deserved: in return for our business, organizations take measures to keep us secure. But the unfortunate truth is that, when push comes to shove, no online platform is totally safe. And while it is of paramount importance that companies do their utmost to secure their systems and prevent breaches from happening, we as consumers owe it to ourselves to be vigilant, and to do everything we can to protect our own valuable data.
So, what are some concrete steps we can take to actually do that? Given the fact that we all use the internet—including online payment platforms—multiple times on a daily basis, how can we keep our information as secure as possible without giving up the web entirely? First of all, staying well-versed in current personal security awareness best practices is vital. Availing yourself of training resources like the ones GLS has to offer will keep you up-to-date and aware of threats and solutions. As we take so much pain to emphasize, information security isn’t merely a corporate issue: personal data must be properly secured, and it is incumbent upon every individual to learn how to secure it. Incidentally, the more individuals arm themselves against breaches and do everything in their power to keep their data safe, the less success hackers will have in pulling these moves on us. Personal security awareness is a lot like self-defense: taking classes and learning how to arm yourselves against attackers will not only protect you in the event of an attack, but will create a culture in which attackers succeed in harming us less and less. There’s nothing a hacker or a thug dislikes more than a strong and informed public.
Practically speaking, there are a few easy steps you can take to help ensure your own personal security awareness as you navigate the internet and share your credit card information online:
- Avoid unsecured sites: if it doesn’t have an https:// in the web address, seriously reconsider entering sensitive data.
- Be cautious even when using secured sites. Even if the site is secured (as big sites like Pizza Hut’s are likely to be), that doesn’t mean that it is equipped to adequately protect your financial information. Just because a site accepts your credit card number doesn’t mean that it is necessarily properly set up to do so.
- To this end, check to see whether the site uses an added security measure like 3D Secure authentication, which protects your card information by creating an additional password barrier.
- When offered, consider using PayPal to pay for merchandise. This limits the number of places where your credit card data is stored and reduces the likelihood of theft.
- Utilize a fraud-prevention service like LifeLock. Sometimes even taking every possible precaution can’t prevent a fraudulent incident—in that case, catching the fraud early is key.
- Keep in mind the risks involved in any online transaction: use wisdom when deciding how or if to share your credit card information online, and when in doubt, err on the side of safety. Better the slight inconvenience of forgoing a purchase, or making it in person, than the major inconvenience and potential danger of getting defrauded or having your identity stolen.
Staying secure in the web-based world we live in today can be tricky. It seems as if there are potential dangers all around us, and yet sometimes those dangers can be so overwhelming that they almost force us into a state of uneasy complacency. Is there anything we can actually do to protect ourselves? Of course. Education is the first step, and careful and cautious internet practices are next. Overall, we need to approach our current situation—and the risks that come with it—with our eyes open. The more we understand how and why breaches happen, and the more we try to equip ourselves against them, the better off we’ll be. Some variables may be out of our control, like whether and how certain organizations choose to protect themselves, but we can always stand up for our own security. Talk to a representative at GLS today about taking the first step.