T-Mobile, Norton, LastPass Security Breach: What Could They Do Better?

Protecting yourself against cyber threats isn't a "set-it-and-forget-it" solution. Your best defense against hackers is to be aware of cyber-security standards and comply with best safety practices.


The uptick in security breaches has got us all scrolling. Today, cyber threats infiltrate our everyday norms. Hackers pop up in the background of every software update, devising newer, cleverer schemes to access your data systems.

When you think you have control of data security, a new virus infects your hardware from the unseen eyes of a bad actor. The solution? We have to try everything in our power to mitigate risk and vulnerability in our data systems.

Of course, no one reads minds. It’s hard to stay on top of the next attack…which begs the question: What should T-Mobile, Norton, and LastPass have done better to keep data safe?

Issuetrak’s Director of Technology Noel Lucas speaks up about preventative measures in an online environment that grows less secure by the minute.

Director Of Technology Gives Advice After Rampant Breaches

Cyber attack, data breach, and ransomware—all terms to make you pause. Each has a gravity we all understand. 

These breach incidents, driven by bad actors' motivations—financial, malicious, or chaotic—show no signs of stopping. 

Protecting or defending yourself against threats isn't a "set-it-and-forget-it" solution. There is no "easy button." Your best defenses are to keep yourself aware of cyber security standards and vigilantly comply with security best practices.

In recent news, Norton LifeLock and LastPass are just two among several companies to experience a security incident. 

Norton LifeLock disclosed that a 'credential stuffing attack' was the culprit for their breach of confidence. LastPass stated hackers obtained employee credentials and keys to access cloud-based storage and copy customer data—including customer vault data.

While we won’t speculate as to what T-Mobile or Norton could have done, did, or could do, we will point out some best practices to consider for your own data security:

Best Practices For Data Security

Use multi-factor authentication whenever possible. 

Yes, double-duty login is a pain. But it’s nothing compared to the pain of dealing with a security breach. Using multi-factor authentication (MFA) as a countermeasure might take you an extra 30 seconds up front—yet will later save you $30K+ in a potential security breach lawsuit (or more, if you consider what’s happening at LastPass).

MFA is effective even in cases where your credentials may be compromised. Because a bad actor needs your second authentication method to gain access, MFA is a comfortable extra layer of security preventing anyone from laying eyes or ears on your data.

Use a password manager tool for your credentials. 

These tools and services can help you stay secure by enforcing strong passwords, encouraging password rotation, and discouraging you from bad habits, such as reusing passwords for different services or sites.

Yes, LastPass is a password manager tool. Yes, indeed, its customer vault data was recently compromised. However, LastPass encrypts vault data with 256-bit AES, using a key derived only from each user's master password.

The weakest link here is the user's master password. Using best practices (NOT reusing passwords across platforms) makes it extremely difficult for hackers to guess a master password using brute force.
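To make the "weakest link" point concrete, the sketch below is an added example, not LastPass's or Issuetrak's code: it derives a 256-bit key from a master password and estimates how long an offline guessing search would take for different password choices. The KDF (PBKDF2-HMAC-SHA256), the iteration count, and the attacker's hash rate are assumptions chosen for illustration; the page does not state them.

```python
import hashlib
import math
import os

KEY_LEN = 32  # bytes, i.e. a 256-bit AES key


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive the vault key from the master password (assumed KDF: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def guess_space_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a password picked uniformly at random."""
    return length * math.log2(alphabet_size)


def seconds_to_search_half(bits: float, iterations: int, hashes_per_second: float) -> float:
    """Expected offline search time: half the guess space, `iterations` hashes per guess."""
    return (2 ** (bits - 1)) * iterations / hashes_per_second


def seconds_to_try_list(list_size: int, iterations: int, hashes_per_second: float) -> float:
    """Time to test every entry of a known-password list (the reused-password case)."""
    return list_size * iterations / hashes_per_second


if __name__ == "__main__":
    ITERATIONS = 100_000  # constructed value, not a vendor setting
    RATE = 1e9            # constructed attacker speed, hashes per second
    YEAR = 365.25 * 24 * 3600

    salt = os.urandom(16)
    key = derive_vault_key("correct horse battery staple", salt, ITERATIONS)
    print(f"derived key: {len(key) * 8} bits, always 256 regardless of password quality")

    for label, alphabet, length in [
        ("8 lowercase letters", 26, 8),
        ("12 mixed chars (94 symbols)", 94, 12),
        ("6 words from a 7776-word list", 7776, 6),
    ]:
        bits = guess_space_bits(alphabet, length)
        years = seconds_to_search_half(bits, ITERATIONS, RATE) / YEAR
        print(f"{label:32s} {bits:5.1f} bits  ~{years:.3g} years")

    reused = seconds_to_try_list(1_000_000, ITERATIONS, RATE)
    print(f"reused password in a 1M-entry list: ~{reused:.0f} seconds")
```

The key is always 256 bits long, but its real strength is capped by the guess space of the password that produced it, which is why a reused password removes the protection no matter how strong the cipher is.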

Use secure development best practices.

You’ve heard us say “best practices” a million times now. But what in the concrete nation does that mean? In short, don’t store credentials or keys in plain text, and don’t keep sensitive data in your repository.

Although we recommend this as a top practice, the list of security best practices goes on. Several resources are available from reputable sources online. 

We know as much as any worker in the tech industry how much we all hate doing security training. But if a single training saves you hours and millions of dollars from a detrimental breach, it could save your job and your company from catastrophe and ruin.

As a word of caution from Issuetrak, the best defenses against large or small-scale breaches are increasing cyber security awareness on your team and adhering to industry standards.

Learn more about how Issuetrak prevents leaks and keeps tabs on security.


Noel Lucas, Issuetrak Director of Technology
