You have to feel for Yahoo – there was a time they seemed to have the keys to the kingdom. Now, if you Google them, you’ll see a litany of bad news stories. And with the Verizon deal of $4.8 billion on the table, that’s bad news indeed.
At a hosted tech conference on Wednesday Wall Street Journal, Marni Walden, a Verizon executive vice president, and their president of Product Innovation and New Businesses, referred to the proposed deal, saying "I've got an obligation to make sure that we protect our shareholders and our investors, so we're not going to jump off a cliff blindly."
Not exactly inspiring words from a potential investor… But why has this tech giant found itself in such a precarious position, and what lessons can be learned from their situation? Absolutely it is in part because of the recent drubbings they’ve had in the press, and the fallout they’ve seen in terms of adverting revenues. However, it is interesting to look a little closer into these recent trials and tribulations to see the damage that a significant hack can do to an organization.
The first thing to be acknowledged is that leaving yourself open to getting hacked in the first place is very bad for business. If the first thing Google tells your existing and potential customers about your organization is that it leaks private data, that’s a long way to climb back into the positive. The fact that it took two years to come to light that hackers had stolen user information for 500 million accounts is clearly not the best way to reassure users they are being protected. US senators have called the two-year delay “unacceptable” and said they were “disturbed” that Yahoo has only just disclosed the breach. That’s two years in which account holders may have had their data compromised, and they have been unable to remedy the situation. It’s a huge trust issue, but also begs the questions as to why the data was not better protected?
Remember that the breach occurred in 2014 – a year after Edward Snowden came to global attention. This is important because in the post-Snowden world, it is baffling that a tech giant could hold such vast swathes of data unencrypted and so unprotected. By introducing two-factor authentication, Yahoo could have neutralized much of the threat of the attack from the start, and perhaps even made themselves less of a target.
While the genie isn’t going back in the bottle in this instance, the good news is that two-factor authentication strengthens login security by requiring two methods to verify the user’s identity. In simple terms this can be described as a combination of something you know (a unique password), something you have (a secure smartphone app that allows you to approve authentication) and something you are (retina and fingerprint scans). The two-factor approach keeps your data protected, because it makes it measurably more difficult for anyone to pretend to be you. Even back in 2014, it really shouldn’t have been just for the banks.
For all the bad news, Yahoo has provided the rest of us with some timely reminders. Hacking is a big deal – if it happens to you, be prepared to for serious and unexpected consequences. Your customers expect you to take the necessary actions to protect their data – to take their right to privacy seriously and invest in it. There are great technical solutions for cyber-security across the board. Be proactive in researching them, get your teams to bring you their best bets and suggestions. Acknowledge the challenge exists, and if you can, make a positive of it. We’ve worked with a range of organizations, including Verizon, to provide their customers with military-grade encrypted mobile communications solutions. Their customers know that their provider is doing everything possible to ensure their privacy and protection. It’s a promise to the customer, insurance for the future, and one very attractive differentiator in a crowded marketplace.
So, if nothing else, remember that the customer is king – if you lose their trust, you had better have an extremely good plan B. Because right now, if to look something up is to ‘Google’ it, then to ‘Yahoo’ something probably means to have accidentally given it away.
Harvey Boulter, Chairman, Communication Security Group