First the country’s largest bank has a huge data breach, and now the nation’s largest bond insurer admits that it inadvertently exposed sensitive customer information through its website. As an example of the old maxim, “Man has no greater enemy than himself,” MBIA, Inc. allowed unfettered access to a subset of very sensitive customer information (think: customer names, account and routing numbers, balances and dividend amounts) via a poorly configured webserver that opened up this data to the general internet. Access was so unrestricted as to allow search engines to index up to 230 pages of information that also included administrative login credentials that could lead to much more significant security breaches throughout the MBIA infrastructure.
What this means for you:
Today’s technology is a resounding testament to how innovative humans are, but equally apt to demonstrate just how fallible we can be. In the digital world, a simple mistake can lead to millions being compromised in life-affecting ways. Most of you aren’t responsible for millions of customers or their data, but imagine if you had to contact your hundreds or thousands of customers with the bad news that “due to a configuration error” their data was leaked to the internet, and probably in the hands of cybercriminals. Whether it is thousands or millions, it would still be a nightmare, especially if your business isn’t big enough to be able to count on the data breach fatigue that has allowed Target, Home Depot and JP Morgan to sail past titanic failures in security. In the end, your security boils down to one thing: humans, not machines. Knowing this, you should always hope for the best (we will get better at this) and plan for the worst: we’re going to make a lot of mistakes along the way!