What can brands learn from the Facebook data breach?
The data scraping attack that exposed the personal information of 533 million Facebook users may not seem like a problem for e-commerce brands. Much of the media analysis of the leak focused on how Facebook delayed reporting the incident, downplayed its severity, and planned to “normalize” data leaks. However, any data breach poses a threat to brands and merchants, and they need to know how to protect their business.
While it is true that the recovered data did not include passwords or credit card numbers, it did include information that fraudsters can exploit, such as phone numbers, email addresses, and locations. This creates opportunities for crooks to impersonate brands, phish their customers, take over their accounts and make fraudulent purchases. These types of fraud can erode customer trust in brands and saddle brands with lost revenue, higher fraud costs and costly damage to reputation. Here’s how brands can protect their social presence, protect customer data, and prevent account takeover fraud after massive data breaches like Facebook’s.
Protect your brand on social media
Since data breaches often lead to phishing attempts against people whose data has been exposed, and because identity theft is a common phishing strategy, brands need to monitor social media and the web regularly to detect impostor accounts, user profiles and websites. Report social media impostors to the platform and report impostor websites to their web hosting service.
Keep in mind that crooks can also hijack your legitimate social media accounts to steal data and direct customers to phishing sites. Protect your brand’s social media handles by:
- restricting login access to a small group of trusted people.
- using strong passwords and two-factor authentication.
- protecting your company’s devices and networks with security software to prevent intrusions.
You can also use your social platforms to remind your followers that your brand will never ask them for their login credentials or payment information on social media, email, text, or phone.
Build or revise your brand’s incident response plan
Every business needs a response plan before it experiences an intrusion or data breach, so it can act quickly to limit the damage and preserve customer relationships. The SANS Institute’s recently updated incident handler’s handbook is available online. In 19 pages, it describes what you need (plans and equipment) to react quickly in the event of an attack on your business.
It also describes the key elements of a good incident response plan:
- Preparation, including response policies, communication plans, designation of response team members, etc.
- Identification of suspicious or malicious activity on your networks, email system, or website.
- Containment of threats by isolating affected equipment and network segments and taking forensic backups of affected systems.
- Eradication to remove threats from affected machines and networks and get them back to working order.
- Recovery to bring restored systems, websites and equipment back online with testing and monitoring.
- Review of lessons learned to avoid similar incidents in the future.
While your technical response team follows these steps, your communications team should complete all reporting requirements to comply with GDPR, CCPA, and other applicable data privacy rules. To maintain your brand’s credibility, they also need to inform your customers and the media about the extent of the breach and what you are doing to resolve the issue.
Watch for signs of ATO fraud after major data breaches
A data breach of your store that includes login credentials can quickly lead to ATO fraud. However, data breaches in virtually any business can lead to spikes in e-commerce fraud as many people reuse passwords for multiple accounts. Even in a situation like the recently disclosed Facebook incident, which did not include passwords, phishing attacks can lead to ATO fraud if crooks can trick affected social media users into sharing bank accounts, online shopping or social account logins.
ATO fraud can be difficult to detect because orders appear to come from good customers. Machine learning fraud control algorithms can identify unusual behaviors that may indicate fraud, such as logins from new devices and locations, purchases that deviate from past customer habits, and shipping to new destinations.
When your fraud checks are raising flags, there’s another step you can take to protect your brand: manually review flagged orders instead of automatically rejecting them. The extra step of having a fraud analyst review suspicious orders can save you from losing revenue on a good order and offending a good customer.
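As an added illustration of the ATO signals and the manual-review tier described above (example code written for this page, not from the article or any fraud vendor; the signal weights and thresholds are assumed values), a small rule-based triage that routes each order to approve, review or reject:

```python
from dataclasses import dataclass

# Constructed sample data types (not from the article): what a store knows
# about an established customer, and the order now being placed.
@dataclass
class CustomerProfile:
    devices: set            # device identifiers seen on past logins
    countries: set          # countries seen on past logins
    ship_addresses: set     # shipping destinations used before
    avg_order_value: float  # typical spend per order

@dataclass
class Order:
    device_id: str
    country: str
    ship_address: str
    amount: float

# The indicators the article lists, each with an assumed weight.
WEIGHTS = {
    "new_device": 2,
    "new_location": 2,
    "new_ship_address": 3,
    "amount_deviates": 2,
}

def ato_signals(profile, order, deviation_factor=3.0):
    """Return the ATO indicators that fire for this order."""
    fired = []
    if order.device_id not in profile.devices:
        fired.append("new_device")
    if order.country not in profile.countries:
        fired.append("new_location")
    if order.ship_address not in profile.ship_addresses:
        fired.append("new_ship_address")
    if order.amount > deviation_factor * profile.avg_order_value:
        fired.append("amount_deviates")
    return fired

def triage(profile, order, review_at=3, reject_at=7):
    """Route an order to 'approve', 'review' (a fraud analyst looks at it)
    or 'reject'. The middle tier is the article's point: a score that is
    suspicious but not conclusive goes to a human instead of a hard decline."""
    signals = ato_signals(profile, order)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= reject_at:
        return "reject", score, signals
    if score >= review_at:
        return "review", score, signals
    return "approve", score, signals
```

A single new device on a familiar account scores below the review threshold, so a customer on a new phone is not declined; it takes a combination of signals to reach an analyst, and only a near-complete mismatch is rejected outright.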
This is very important, because 39% of consumers across five countries surveyed by Sapio Research for ClearSale in March 2020 said they would never do business again with a merchant that rejected their order. A quarter of them said they would post about the rejection on social media, spreading the damage to the brand. Combining machine learning with manual review therefore protects your brand both against ATO fraud that follows a data breach and against the damage false declines do to your customer relationships.
Data breaches are an ongoing problem
There were 1,001 documented data breaches in the United States alone in 2020, affecting over 155 million people, and the number of breaches has trended upward over the past decade. The data they exposed can remain useful to crooks for years. All of this means that brands must remain vigilant about protecting their own data, have incident response plans in place, and scrutinize orders to stop fraud while ensuring legitimate customers can complete their purchases.