You have probably heard of the enormous data breach suffered by Capital One, which exposed the personal data of nearly 106 million of the bank’s customers. What should you take from it? Start by checking whether you have taken the following measures to enhance your company’s security resilience to unfortunate but sometimes inevitable situations:

Create secure configuration standards documentation, following vendors’ security best practices.

Configure your cloud environment security settings accordingly, and check your SLA with the cloud service providers and maintenance company, ensuring that your suppliers follow these standards as well.

Schedule periodic security assessments to verify that your intentions are turned into actions.

Reduce unnecessary data collection. Define data retention periods and abide by them. This will reduce the attack surface and the potential scope for attackers.

Last but not least, prepare for a rainy day by creating and keeping up to date incident response procedures and training your team to follow them.