IRR Strategies

IRR Strategies Privacy Expert: Breach Took Down Code Spaces in 12 Hours Yet Company Could Have Easily Avoided Being 'Dead in the Water'

 

Miami, FL -- (ReleaseWire) -- 03/10/2015 --Code Spaces, a code hosting service, was forced to fold after an attacker compromised their internal systems and held them for ransom.

Montgomery Blair Sibley, IRR Strategies Senior Vice President of Privacy Compliance, says Code Spaces was "dead in the water" once their data was compromised.

"It took only 12 hours to take them down. They not only have lost data, but they'll never get back credibility from their customers. Never," Sibley says. "Their failure to have a two-step authorization for access to the dashboard for cloud services, prima facie negligence, is a very common mistake companies make. That, coupled with the lack of separate backup services had them dead in the water."

Details of the denial of service attack (DDOS) were posted on the company's home page and outlined the boxing match for control that ensued, including control panel messages, ransom demands and ultimately, a TKO: "data, backups, machine configurations and offsite backups were either partially or completely deleted."

Part of the company's statement: "Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of on going credibility."

Sibley, who is certified in 21st century issues of Cyber security and Information Privacy regulation, consults with enterprises of all sizes to help them avoid the costly consequences of ill-though-out, ill-advised decisions in the privacy realm.

"Our first order of business is to conduct a thorough Privacy Assessment to analyze for vulnerabilities and address them before a privacy crisis. If Code Spaces had done this, we would have uncovered the failure to have non same cloud-provider-based backup for the critical data and recommended a more robust backup program. Just like Target's massive data breach last December, Code Spaces board of directors could also be liable for any loss to the company's customers," Sibley said, emphasizing that small and medium-sized businesses should take note.

"If it can happen to the big guys, it most certainly can happen to the little guy. Every company today has to realize that they are 'data stewards' of personal information of their customers, their employees and others and they have an obligation to protect it. What's more, good privacy practices increase a company's value and reduce potential liabilities. And, privacy compliance is easily achievable."

Sibley recommends companies of all sizes start with a self-assessment – http://irrstrategies.com/legal-services/privacy-compliance/privacy-self-assessment

If a more thorough assessment is warranted, contact:

Montgomery Blair Sibley, CIPP (Certified Information Privacy Professional)
855-301- 6220, ext. 1014
msibley@irrstrategies.com

About IRR Strategies
Miami-based IRR Strategies, LLC provides global solutions for business (BPO) and legal process outsourcing (LPO) to underserved small and medium-sized enterprises (SMEs), as well as to private equity and venture capital investors in such enterprises. IRR Strategies acts as a broker-dealer of outsourcing services, contracting with customers and subcontracting to suppliers, in each case all around the world. Our services decrease operating expenses and increase cash flow, thereby improving the internal rate of return (IRR) on capital investments.