Gumtree hack a reminder for SMEs not to have a “set and forget” mentality when it comes to online security: Experts


Gumtree’s recent security breach should serve as a reminder to small businesses that they can’t have a “set and forget” mentality when it comes to protecting customer data, according to experts.

Late last month online marketplace Gumtree revealed how some of its users’ information was compromised during a security attack.

Hackers gained access to people’s names, email addresses, and phone numbers.


However, customers were told their passwords and payment details were not accessed.

A spokesperson for Gumtree told SmartCompany the incident was resolved “within minutes” and was an isolated event.

“We’ve since taken extra steps to protect user information,” the spokesperson said in a statement.

“The affected users, privacy regulators and the Australian Federal Police have been notified.

“Safety and security of our community remains our number one priority and we continue to educate our users about staying safe online and identifying potential scams or phishing attempts from fraudulent parties.”

Security expert Michael McKinnon told SmartCompany Gumtree alerting its customers to a data breach is best practice.

“There is still – in this country and many other parts of the world – often no legal obligation to have to disclose a breach,” McKinnon says.

“There are a lot of companies today that are getting hacked that we never hear about. But if you’re looking at the long-term reputation of your business, disclosing a breach is always the preferred outcome.”

David Markus, founder of IT services company Combo, told SmartCompany this incident serves as a timely reminder for small business owners to put customer security first.

“What we can see in SMEs is this set and forget mentality,” Markus says.

“If they put in a firewall, it was put in years ago and it hasn’t been maintained since. It’s key that people make use of the functionalities and security of the tools that are out there. If you’re going to go to the cloud, choose A-grade providers.”


1 Comment
5 years ago

We have a problem with cybersecurity, from the smallest single person doing business to the larger corporations.

Set and forget is only a small proportion of problems associated with digital protection.

“It will never happen to me”, “we have nothing worth stealing” and “the digital criminal is stupid” are the constant responses to the implementation of digital security. This constant litany just shows how stupid we are to believe the rhetoric.

There are a number of things that have to be implemented to make any organisation relatively safe (we cannot be totally safe and anyone telling you is lying). They include putting the right technology in place, having the right management components to manage them, having a fallback position (resilience) and then complying with all of the regulations for your country and industry.

The most important system that you can implement in digital protection is to get it independently tested. Tested like a hacker would attack.