
When a technology giant such as T-Mobile falls prey to a cyber-attack, it can seem like there is nothing a non-technology business can do to protect itself and its customers. Though it may seem alarming, there are important lessons to be learned.
What happened?
T-Mobile is, of course, one of the telecom giants, serving over 100 million customers in the US alone and providing services in several other countries as well. In late summer of this year, T-Mobile was notified by a cybersecurity company that its customer data was appearing on the dark web 1. After preliminary investigations, T-Mobile discovered it had succumbed to a cyber-attack and reported that personal data (e.g. names, dates of birth, social security numbers, driver's licenses, phone numbers) of over 7 million customers and approximately 40 million former and prospective customers had been leaked 2.
How did it happen?
The attacker was John Binns, a US citizen living in Turkey, who gained access to T-Mobile’s systems through an unprotected router in a data center in Washington 3. Once he gained access to T-Mobile’s networks, he stole millions of files within a week before his unauthorized connection was discovered and terminated 4.
What we can learn.
T-Mobile is in the business of data security and privacy. Yet, according to the hacker, “their security is awful” 5. If that’s the case, non-technology businesses relying simply on luck and amateur technology skills to protect their data, their digital assets, their customers, and their business are sitting ducks for cyber criminals.
If you are a business owner or manager, here are some actions you should take if you have not already done so. First, get a team of I.T. professionals or an I.T. services company to review your network infrastructure for security vulnerabilities. As we have said before, it is no longer a question of whether you will be targeted but when. Second, listen to their recommendations and implement them. Yes, there may be costs associated with this, but they will be far less than the cost of dealing with the consequences of a cyber-attack. Massive companies like T-Mobile will likely survive the fallout, but most companies will not 6. Finally, develop a relationship with a professional I.T. team or services company and have them review your security protocols at least annually (ideally every six months). The landscape of cyber-threats is ever changing. Our defenses need to be equally flexible.