On November 9, Tech Crunch reported a data breach occurred at Robinhood, the stock trading platform, resulting in over 5 million email addresses and 2 million customer names being harvested. A smaller group of customers were also affected as hackers were able to obtain date of birth and zip code information.
According to Robinhood, the hackers used social engineering over the phone with a customer sales representative to gain access to the customer support system. While the information is not considered highly confidential (no banking information or social security numbers), it is important to note that this information can be used in targeted phishing campaigns as the hackers now have access to personal information.
Given this news, it is always important to emphasize how critical it is to develop, maintain, and monitor your cybersecurity risk assessment. In Cybersecurity 101 we discussed the risk assessment process including the identification and evaluation of risks, as well as implementing a plan to properly mitigate these risks to an appropriate level.
Managing Cybersecurity Risks
The cybersecurity landscape is constantly changing, and while it is critical for businesses to have these plans and risk assessments in place to appropriately mitigate cybersecurity risks, it is equally important to regularly monitor these items. Not only to ensure that policies, procedures, hardware, and software are operating as designed, but also to ensure changes and new risks are identified and properly addressed.
McKonly & Asbury can assist your company in managing cybersecurity threats by performing a SOC for Cybersecurity engagement to identify whether effective processes and controls are in place as well as provide you with recommendations to detect, respond to, and mitigate and recover from breaches and other cybersecurity events. Please contact our team of experts so we can answer any questions and help you determine if a SOC for Cybersecurity report would be beneficial for your company.