Comcast Breach – brand reputation killer or reputation builder?
In my previous article, I discussed the Comcast breach – which involved the company resetting roughly 200,000 user accounts after customer information and login credentials were compromised and put up for sale online.
Ultimately, Comcast has denied any wrongdoing and responsibility for the compromise of user accounts, claiming instead that the breach was a result of users engaging in risky online behavior and having poor cyber hygiene.
I would argue that companies have a responsibility to protect their customers by providing them with the solutions and tools they need to protect themselves and their identity online. I would also argue that doing so – even if there was a small cost per customer involved – is beneficial for all parties.
According to a Consumer Affairs report, Comcast has a current “one out of five” star customer satisfaction rating. One would think that a company that is working to improve its overall customer experience and customer satisfaction could benefit by showing that the online safety and security of its customers is a priority.
Given the current security breach, customers are understandably alarmed that their personal information may be vulnerable to similar attacks in the future. Comcast's customers need to be 100 percent assured that their sensitive account information is no longer at risk. Offering strong security solutions and tools that enable customers to better protect themselves online would send a clear signal that Comcast values its customers and is serious about protecting their personal information.
Security breaches occur frequently, but better cyber hygiene and the use of certain security tools can reduce an individual’s risk. Implementing a multi-factor authentication (MFA) solution that is convenient and easy to use can not only help mitigate and lessen the potential for credential theft, it can also lighten the load on the end user while keeping things simple. Ultimately, you want your customers to feel secure and know that you are looking after their best interest, which, after all, should also be yours.
This same type of solution can be integrated to allow sign-in and authentication on Comcast accounts, making it much more difficult for hackers to compromise credentials and access information. By utilizing MFA on their own log-in and authentication process, Comcast can ensure that brute force hacks and stolen credentials can’t be used to compromise their user accounts – which often also feature access to email and cloud storage.
Too often we see companies quick to blame the issue on the bad practices of the end user. The reality is that, even though better practices would have helped, there is a responsibility to help protect your customers from themselves. It starts by ensuring customer identities are secure: implementing strong password hygiene, requiring passwords to be changed every 90 days, and implementing a multi-factor authentication system that will reduce the risk and protect customers.
Should Comcast – and other ISPs and utility companies – decide to take this path and implement MFA, there are some things they should look for in a solution. First, it should offer out-of-band authentication to ensure that it’s safe from malware. Next, it should conduct authentication across multiple factors to ensure that malicious actors can’t gain access to accounts. Finally, it also needs to be easy to use so that customers don’t get turned off or circumvent the system.
In the end, we have an ongoing issue around breaches, and the majority seem to point directly at bad hygiene, reuse of passwords, etc. I could pick on Comcast here, but the truth is that most companies have done a poor job when it comes to protecting their customers. Convenience is good when it helps the customer, but it should never come at the cost of the customer and their personal information.