Lessons from the Canva hack

We recently discovered one of our email addresses on the dark web following a hack of Canva, an Australian-based company that provides a simplified web design tool.

In May, hackers breached Canva’s data, leaving approximately 139 million users’ data compromised, including names, usernames, email addresses, city, and country information.

Although Canva has confirmed hackers didn’t access passwords, it still urged users to change them as a precautionary measure.

Even if you use the web for only business and the forces of good, you can still be compromised through a third-party app or website. Needless to say, it’s never been more important to monitor your data and protect your passwords.

Lesson 1 for Consumers: Dark Web Monitoring

The dark web is not indexed by Internet search engines; instead, it’s only accessible using special software that allows users to remain anonymous or untraceable. Suffice to say, it’s known for criminal activity.

We monitor our clients’ domains (and our own domain) using 365 Sentinel, which is part of our 365Care+ solution. It helps detect and mitigate cyberthreats in real time – threats that leverage stolen email addresses and passwords on the dark web.

Hackers can add your data to the dark web at any time – that’s why monitoring it is an important process and the first step in tracking and ensuring your data is safe. If your data is on the dark web, here are some simple steps you can take:

1. Scan your computer with anti-virus software to ensure it has no malware.
2. Change your passwords to ensure they are strong and different on each account.
3. Check your credit cards and financial accounts to ensure there is no illegal activity.
4. Implement two-factor authentication on your accounts whenever possible.

Unfortunately, once your data is on the dark web, it’s pretty much impossible to recover. Thankfully, in the case of the Canva breach, the company protected its customers’ passwords, which is the prize data for criminals and the thing you want to most protect.

The best advice is to use preventative protection: using strong passwords that are different on each account with two-factor authentication.

To check if your email addresses have been compromised, visit haveibeenpwned.com.

Lesson 2 for Businesses: Implement Security Protocols

Data breaches are not slowing down or going away anytime soon – as evidenced by ZDNet’s “The scariest hacks and vulnerabilities of 2019.”

The best way for organizations to protect their customers’ data is to understand the data that’s being collected and implement strong security protocols, including cybersecurity documentation, a firewall, two-factor and biometric authentication, and monitoring controls. Part of these efforts should always be employee education, keeping your software updated, and being aware of all, potential security issues.

How we can help you and your business stay secure

Many small- to medium-sized businesses don’t have security protocols in place, or the knowledge to put them in place. That’s where we can help.

Our 365Care+ fully managed solution includes proactive technology management and a dedicated network administrator who applies best practices in security, business continuity, and asset management to improve your organization’s performance and reduce risk.

Click here to learn more about our 365Care+ solution, or contact Steffyann Bisnauth, our Business Development Coordinator, to find out how we can protect your business now and keep it secure in the future.