This week’s Knowledge Update covers the unprotected USB that contained 2.5GB of security information at Heathrow, Hilton being fined $700,000 after two separate credit card data breaches, and NTS revealing that they are witnessing a rise in online crime.
Unprotected USB that contained 2.5GB of security information at Heathrow
An unprotected USB from Heathrow, containing 2.5GB of information, has been handed to The Sunday Mirror after being found in London. The USB contained 174 documents and, even though some of the files were marked as confidential, they had not been securely protected: they were neither encrypted nor password protected. Heathrow have now begun an urgent investigation into how the sensitive security information came to be found on an unsecured USB.
Sensitive information should always be protected whilst at rest and when in transit. Encryption and password protection should be implemented on all devices that contain sensitive information. Access controls should also be implemented across the network so that access to information is limited to those that need it.
The enforcement of the General Data Protection Regulation on the 25th May 2018 means that businesses that lose unencrypted sensitive data may be subject to substantial fines. Find out more about GDPR here.
Hilton fined $700,000 after two separate credit card data breaches
Hilton has been fined $700,000 after two separate credit card data breaches in 2014 and 2015, which saw over 363,000 payment cards impacted. Customers were not notified until November 2015, which is more than 9 months after the first breach and more than 3 months after the second breach.
During the first breach in 2014, the PoS malware was detected as being active between 18 Nov and 5 Dec 2014, which gave hackers access to cardholder names, payment card numbers, security codes and expiration dates.
Protecting customer data is a legal duty. Cyber Essentials provides a framework, backed by the UK government, for businesses to improve their information security. More information can be found here.
Old scams, new tricks as fraudsters adapt
National Trading Standards (NTS), the organisation at the frontline of UK consumer protection, have revealed that they are witnessing a rise in online crime as well as traditional scams. Of particular relevance to businesses are the manipulation of Internet of Things (IoT) devices to steal customer data and the rise of social media platforms as selling platforms. Doorstep criminals are also increasingly using websites, social media and fake reviews in their deceptions.
Basic security controls such as changing default passwords and regularly patching software will help secure your business. Awareness is also key in promoting security across your organisation: staff who are aware of the latest threats are more likely to recognise potential criminal activity and raise concerns. A guide on how best to protect your business can be found here.