How Phishing Emails Led To Target’s Massive Breach: 5 Steps Your Company Should Take Now

March 2014: Think email phishing isn’t a big deal? Think again! Hackers sent phishing emails to one of Target’s HVAC vendors and got exactly what they were looking for —  backdoor access into the retail giant’s network!

Even if you don’t have point of sale (POS) devices, scammers can still get into your network by following the Target-hack blueprint. Here’s what you can do to leap far, far away from being the victim of a similar security breach:

First, understand what the bad guys did.

While some details have not yet been confirmed, KrebsOnSecurity reports that these seem to be the steps the hackers took to steal personal and financial information from 110 million Target customers:

  • Found out which companies Target uses as vendors
  • Sent phishing emails with malware that steal login credentials to employees of Target’s vendors
  • Used the stolen credentials to enter Target’s network, first via a web server and then via a file server
  • Once inside the network, installed malware that skims information from credit cards when they’re swiped at a POS device
  • Tested the malware on a few cash registers then rolled it out to most of Target’s POS devices
  • Continued to steal credit card information until the breach was discovered

Second, block the bad guys at every turn.

Two thirds of people will stop doing business with a company that loses their personal information — that’s crippling! And you should know that attacks are more common than you might imagine. The FBI recently warned retailers that 20 additional Target-style attacks occurred over the past year.

Layered protection is key. Make sure your company takes these five steps:

1) Use best-in-class anti-malware and firewalls. The HVAC company whose credentials were stolen was using free anti-malware that was designed for individual users and not corporations.

2) Isolate your payment network. External systems for billing, contract submissions, project management and other processes need to be physically separate from your payment systems.

3) Carefully secure your vendor portals. Choose reputable cloud vendors and review details of each  Service Level Agreement (SLA). If there’s a breach that is technically not your fault, two-thirds of the people will still want to do business elsewhere.

4) Restrict internal access to your network. Employees make mistakes (or worse). Limit the number of employees who have access to your data center and resources, and keep your BYOD policy updated.

5) Actively monitor your network. The Target breach occurred on November 15. It was discovered on December 15. Your company can do better! Talk to your IT provider about the best ways you can stay on top of your specific network

You may also be interested in: