Following the data breach at password management platform LastPass, Mimecast chief field technologist for Asia Pacific, Garrett O’Hara, offers his advice on what retailers should do in its wake.

Retail businesses have access to a wealth of personally identifiable information for their customers, stored in multiple systems from POS to stock management to loyalty programs. It is important for retail staff to have long, strong and unique passwords for each of these systems to avoid any attacker gaining access, according to O’Hara.

“It’s also important to always, where possible, have Multi-Factor Authentication (MFA) enabled for any systems that support it,” he told Retailbiz.

“Employing a password manager with a solid passphrase for the master password helps staff manage all of the different passwords. Following the LastPass breach it’s certainly a good idea for retail staff to change any sensitive passwords and take solid precautions to give their customers peace of mind.

“But, if the zero-knowledge architecture does what it says on the tin, then data is encrypted on the device before being stored in LastPass, so I wouldn’t turn your backs on a password manager at this point. It would still be far more secure than not using a password manager and reusing passwords that are not part of this breach.

“My advice is take the precautions necessary and/or recommended if you’re a LastPass customer but keep using a password manager.”