With some of the world’s largest retailers affected, a July breach of PNI Digital Media has led to the longest performance outage in the history of online photo websites. With PNI Digital Media managing operations in 19,000 retail locations and processing 18 million transactions each year, the company has effectively become synonymous with the digital photo industry.
With online ordering making up roughly $800 million of the total U.S. photo printing market, companies involved in the breach stand to lose tens of millions of dollars, at least.
Check the list below and see if your company is engaging in any behaviors that could put your business at risk:
1. Allowing For The Uploading Of Files
While information regarding exactly what hackers stole or accessed is incredibly scarce, it seems that they may have gained entry through corrupted files that were uploaded to the site for processing. If your company’s online presence involves user customization or the ability for individuals to upload files, there is a very serious need for consistent system monitoring to track the path of files and users within the system.
2. Singular Login Credentials
When hackers gained access to PNI, they were able to backtrack through the linked sites and potentially acquire massive amounts of data over the year-long span that the hack went undetected. If your system administrators only have to use one or two specific login credentials for full data access, the system may as well be placed on a silver platter for hackers. Encryption and various stages of disconnected logins are critical to the security of back-end functions.
3. Depending On External Vendors
The challenge for large businesses is to expand operations at an accelerated rate while using only contractors that are experienced and trustworthy. It’s almost a catch-22: the perfect growth-to-protection ratio may never be found, which leaves the security of businesses continually hanging in the balance. This problem was exactly what plagued PNI, as it was simply unprepared to handle not only its own security responsibilities, but also those of the companies it worked for. Even with the most advanced IT team, it is infeasible, and downright dangerous, to assume that all contractor activity can be fully monitored by a human team.
4. Not Using An Employee Monitoring Platform
The PNI Digital Media breach exemplifies the need for companies to monitor file uploads and contractor activity, as well as to establish protected lines of password-protected access. But perhaps most important is a way to verify that all of these security measures are being upheld, a task that is best suited to an Employee Monitoring platform. By allowing an all-encompassing platform to be the eyes and ears within a system, all user activities are monitored and dutifully logged to prevent suspicious activity from escalating to breach status.