Protecting a business and its customers against cyber-attack and data loss is a multi-faceted, relentless task that requires careful consideration and robust systems and policies. Some elements of this are more complex than others but ultimately those challenges can, and must, be overcome.
What there is no excuse for, however, is a business knowing about, and failing to rectify, a simple, easily fixable flaw in its cyber-security as seen with PayPal this week. Having been alerted by an Australian hacker that a flaw existed in some aspects of its two-factor authentication system, making it possible for it to be by-passed, in June, the hacker went public with the flaw this week as it had still not been resolved.
A fundamental flaw, such as this, in how the authentication is handled, is easy to avoid and shouldn’t have been allowed to occur in the first place and what’s more it is simple to fix. Two-factor authentication, when properly executed, can add invaluable layers of security, providing the user chooses a strong password.
It is critical that any flaw, whether it be simple or complex, large or small, is addressed quickly and efficiently to provide businesses and their customers with maximum security at all times. In this instance it would appear PayPal has been lucky that it has not suffered a major breach as it works to fix the issue. However businesses can’t, and shouldn’t, rely on good fortune as a method of cyber-security.