McDonald’s has just recently suffered a data breach, proving once again that gaps in security can exist for companies of any size. This incident is a great reminder to reassess your company’s cybersecurity efforts and check compliance against all relevant industry standards and regulations.
The Data Breach
McDonald’s representatives reported unauthorized activity on their networks, which exposed personally identifiable information (PII) of customers in both South Korea and Taiwan. This information included customer emails, phone numbers, and addresses. No US customer data was leaked, however, some business contact information for US employees and franchisees was included in the accessible files. McDonalds claimed only a “small number of files” were accessed before they were able to contain the incident.
Within this breach, hackers had gained access to the organization’s internal security system and maintained access for a week before the breach was identified and closed off. Representatives also stated that employees of both South Africa and Russia could have had unauthorized access to their information.
The Focus on Cybersecurity
Unfortunately, Mcdonald’s is not the only organization lately to suffer a cyber breach as a trend of targeting organizations with ransomware seems to be taking off. However, as the largest fast-food chain in the world with more than 37,000 locations in over 115 countries, they set a clear example that no one is immune to risk.
An interesting statistic from an Accenture study mentioned that 71% of surveyed global risk executives reported that Covid-19 exposed deficiencies in their crisis management plans. Hackers are taking advantage of these vulnerabilities and the shift to a remote workforce to infiltrate companies and hold their data for ransom.
This shift to cyber is demonstrated by the United States’ creation of a national cyber director role, a first within the US government. The first tasks for this role will reportedly include a focus on the ransomware attacks against US infrastructure and dealing with the large breach from Russia. The role will coordinate a cyber defense among agencies and review budgets, moving the US to a more secure position.
How to Stay Protected
Ransomware works by finding a path into the system and quickly spreading to all connected systems to lock and encrypt as much data as possible. Hackers look for vulnerabilities to create an opening and get as much data as possible. This malware is mostly spread through phishing emails or by tricking employees into downloading fake files. As seen by how large corporations and governments are struggling, there is no easy solution. However, there are some easy solutions to start.
The first step is to be aware and to create a plan. Like many organizations are now realizing, cybersecurity is vital to an organization’s success. Ensure you have a team responsible for this effort, and they can begin with a security assessment, using industry standards and required frameworks as a starting point. This assessment will identify vulnerabilities and gaps within your organization so you know where to improve.
The second step is to keep antivirus software up to date. Again, this is a simple step but is often overlooked. Update internal policies to let all employees know that updates are required and set company devices to automatically search for updates and install them the day they are discovered. This keeps devices protected and helps counteract human error, which is often responsible for ransomware.
Another step for security is to enable two-factor authorization across all company devices. This has become a standard for many organizations and you may have even seen prompts across personal email accounts and by your financial organizations. This helps control access to sensitive systems and data by denying access to hackers that may have stolen a user’s password.
Another major point for cybersecurity is to backup your data. This is in a scenario where you’ve already been breached and your data is being held by ransomware. While there are still consequences and setbacks for that breach, a proper backup will allow you to continue operations and avoid paying the ransom. Backups should not be stores in the same place that houses the original copy. Have regular data backups scheduled and stored offline where they are secure.
For more cybersecurity protection guidelines and to perform a free assessment on your organization, start a free trial of CyberWatch, our cybersecurity risk assessment platform. It will provide free access to our content libraries that have specialized data protection criteria. Gain a calculated risk score across all areas of your organization to learn where your greatest risks lie, how to properly allocate resources, and how to mitigate those risks. You’ll also benefit from automated reporting and data analysis, so you can present your findings and track progress with minimal effort.