This week’s Knowledge Update talks about Equifax cyber-attack leaving 143 million people’s data at risk, security flaws that puts billions of Bluetooth phones and devices at risk and cyber attacks are made easy as nearly half of companies fail payment security.
Equifax cyber attack leaves 143 million people’s data at risk
Around 143m customers of Equifax could see their data at risk following a cyber-attack on the firm earlier this year. Hackers are said to have managed to steal customer names, social security numbers, dates of birth, addresses and even driving licences, leaving customers now worrying their identities could be stolen.
Staff should be made aware of the threats posed from phishing through training and awareness sessions. Policies in regard to acceptable use of computer equipment, handling data and payment processes should be implemented and adhered to.
Prevention advice for Phishing can be found here.
Also, implementing encryption and digital signatures across your business will secure your sensitive data and reduce phishing attacks.
Security flaws put billions of Bluetooth phones and devices at risk
It’s thought to be the most widescale set of vulnerabilities based on the number of devices affected, hitting Windows desktops, Android devices, older iPhones and iPads, and smart devices.
Businesses should look to implement a Bring Your Own Device policy so employees can use personal devices for business securely. An explanation of BYOD and a guide to implementation can be found here.
Also, anti-virus software should be installed on your device and automatic updates should be enabled. Anti-virus software can be used to detect and remove malware from your corporate network(s).
Cyber attacks made easy as nearly half of companies fail payment security
Almost half of companies around the world failed to comply with payment security regulations, risking their future ability to take card payments. According to Verizon’s Payment Security Report, 45% of all companies assessed didn’t comply with the payment card industry rules, failing to scan their systems for vulnerabilities often enough and sometimes even not encrypting data.
Protecting customer data is a legal duty. Cyber Essentials provides a framework, backed by the UK government, for businesses to improve their information security. More information can be found here.
Also, organisations should ensure that staff are appropriately trained in regard to regulations such as the Data Protection Act (a checklist can be found here).
By implementing encryption and digital signatures across your business it will also secure any sensitive data and reduce phishing attacks.