Sephora Says: What We Can Learn from a Multinational Data Breach

Internet computer security and network protection concept, padlock and key on circuit board

Online stores keep popping up to make shopping more convenient to consumers. Ecommerce helps business owners like you reach out to a larger clientele. But no matter how safe you think you are on the internet, it pays to be vigilant. Take a look at Sephora, for example.

Sephora was hit with a data breach that affected customers not only in Australia and New Zealand but also in Southeast Asia. The online makeup store quickly addressed the cybersecurity incident and sent an email to all affected customers, clarifying that no credit card information was compromised but admitting that personal information might have been exposed to unauthorized third parties.

After investigating the incident, reviewing its security systems and offering a personal data monitoring service to all affected customers, Sephora’s online operations are back to normal.

Worrying Numbers Related to Cyberattacks on Online Businesses

After containing the data breach that affected customers throughout the Asia-Pacific region, Sephora stated that it would implement high-level monitoring for unusual online activity in the future. It isn’t the only company that should be concerned with network security and performance testing, though.

Around the same time as Sephora’s incident, National Australia Bank accidentally leaked the personal information of 13,000 customers. These incidents should in no way provide small businesses with the assumption that they are less a target for cybercriminals.

Approximately 43 per cent of all cybercrimes are actually conducted against small businesses. Despite the massive percentage directed towards them, many small business owner-operators still don’t take a proactive stand against cybersecurity breaches. To drive the point home, 22 per cent of the small businesses affected by the 2017 ransomware attack were not able to adequately recover after the attack.

Installing an antivirus system is not enough if you want to secure your business and avoid contributing to the worrying number of cyberattacks on online businesses. Learn how to protect your assets through limited access, patch applications and regular system backups. You must also learn how to monitor suspicious online behaviour and efficiently recover from an attack.

Different Ways to Address Cyber Security Risks

Lock as symbol for Privacy and General Data Protection Regulation on a notebook computer

There is a valid reason to invest in damage control – you never know when a cyberattack will occur. But why should you devote all your assets and energies to damage control when you can make arrangements that minimise the likelihood of damage in the first place?

Here are three things to remember about cybersecurity:

  1. Understand your risks and vulnerabilities.

As ominous at is sounds, you are at risk the moment you put your business on the internet. For this reason, you must have a thorough understanding of the different ways your business might be affected by cybersecurity risks.

  1. It starts at the top.

The effects of great management trickle down into the way your business operations run. As such, appoint someone in your management team to take charge of cybersecurity. Make sure they focus on protecting your data and assets.

  1. Get everyone involved.

Although cybersecurity starts at the top, you still need to get everyone on board. Educate your staff and your customers about cybersecurity. Encourage them to report suspicious incidents or activities. Vigilance is just as important as actual antivirus software and cybersecurity tools.

Sephora is proof that even large multinational companies are susceptible to cybersecurity risks and small businesses present as no lesser targets to the cybercriminals.

About the Author:

Sign Up
For Newsletter

Hottest articles on your inbox!
Scroll to Top