It keeps getting worse for Yahoo. Just recently, the company announced its second massive data breach of the year— this one impacting over 1 billion users.

The announcement came on the heels of Yahoo’s September data breach disclosure, which impacted about half a billion users.

This is something we have never seen before; that is, a company with back-to-back data breach announcements, both being the largest publicly-disclosed in history.  

Now, Yahoo’s customers are at a crossroads. Questions abound:

• When is the next data breach coming?
• Why does this keep happening?
• Has Yahoo lost control over its data?
• Can Yahoo still be trusted?

This last question segues into a larger discussion on the value of trust today, where every business is a target for hackers and data is one of the hottest commodities on the black market.

According to one study, more than half of organizations experienced at least one type of cybersecurity incident during the past year. And 39 percent reported two or more incidents.

So does trust — and privacy —still mean anything?

The answer is yes!

Trust, after all, is a commodity. And because it’s eroding among the general public, businesses that can find a way to stay safe and maintain a clean record can use it as a major competitive differentiator.

These may be dark times, and hackers may appear to be winning, but there is still an overwhelming demand for privacy.

So whatever you do, don’t fall under the assumption that a data breach today is meaningless. Your company’s reputation is worth protecting. A large-scale data breach takes years to clean up, and never really goes away. It will continue to haunt your company long after the mess is over.

The most important thing you can do at this point is to make data security a priority in 2017.

Here are some things to consider:

Internal actors: Don’t get so caught up in protecting against external threats that you fail to protect against internal actors. Many data breaches originate from negligent or nefarious internal actors who have unrestricted access to your company’s information.

Authentication: Mobile devices, laptops and computers need to be protected with advanced security safeguards. If your devices have embedded biometric capabilities, make sure your workers are using them. You should also enforce strong passwords, and require users to update them periodically. Don’t make it easy for cybercriminals to hack your accounts!

Security updates: Are you patching your hardware and software regularly? IT needs to keep a close watch on the systems that employees are using to access the network. Unsupported devices and programs must be removed from the organization. Otherwise, they can be exploited by hackers.

Education: This one is a tough pill to swallow, but it’s important: The vast majority of your employees, in all likelihood, do not think about cybersecurity. They click on random advertisements, open emails from strangers and share files with abandon. The good news is they can be trained to think actively about cybersecurity. Consider running a cybersecurity education course, to get your end users up to speed with the latest information about online threats.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.