The Information Commissioner's Office (ICO) has warned organisations that they should be doing everything they can to keep customers' personal data safe, as more consumers become resigned to the fact that their private information is being collected by companies.
A YouGov survey found that 72% of British consumers are worried about personal data such as email, chat logs, files and pictures being accessed. This prompted the ICO to tell businesses that it is ultimately their responsibility to ensure customer data is secure.
Data breaches are on the rise, their impact is predicted to affect companies for years to come, and cyber criminals are continuously getting smarter about how they compromise their target systems.
Now that data protection regulations such as GDPR are in full swing, customer data protection should be prioritised more than ever.
With that in mind, security company Sophos shares its expertise on how businesses can fulfil their responsibility to protect their customers.
1. Ensure you have effective endpoint, network and email protection that filters out spam, malware and dangerous file types.
2. Train employees to be suspicious of emails, especially those that contain attachments, and to report any unusual emails or attachment behaviour to IT.
3. Consider a patch assessment tool to ensure your operating systems and applications are up to date with the latest security fixes. Most exploit kits succeed by exploiting vulnerabilities in software for which a patch is already available but has not yet been deployed.
4. Install endpoint protection software and/or a secure web gateway that can identify and block exploit kits before they infect your systems.
5. Crooks want to capture more than just one user’s password and confidential files – they want access to your back-end databases, your PoS network and your testing network. Consider segregating your networks with next-generation firewalls that treat your internal departments as potentially hostile to each other, rather than having one big “inside” fenced off from the even bigger “outside”.
6. Put in place a device control strategy to identify and control the use of removable storage devices. Combined with data loss prevention (DLP), this not only prevents bad stuff getting in, it also helps stop personally identifiable information (PII) and intellectual property (IP) from going out.
7. Implement full-disk encryption, and encrypt sensitive data stored on servers or on removable media used for sharing with business partners.
8. Use application control to keep track of, and restrict, unnecessary software that reduces security without adding any real benefit.
9. Implement a data protection policy that guides employees on how to keep personal data secure.
10. If you move to the cloud, make sure that the ability to encrypt data, both at rest in the cloud and in transit, is on your core requirements list.
And… what consumers can do to protect themselves
1. Choose a good password
Don't use data that other people know, such as birthdays or pets' names. Make passwords as long and complex as you can, ideally mixing letters, digits and punctuation, so they are much harder to guess.
Although a recent study found that some consumers deem passwords too difficult to remember, vendors such as Microsoft are not going to phase passwords out completely just yet.
Of course, biometric systems such as fingerprint ID and face recognition are becoming more commonly used alongside passwords, or even as an alternative to them.
2. Try to avoid paying funds directly into sellers’ accounts
Paying by credit card or PayPal on Amazon or other marketplaces generally gives you better consumer protection if the goods don't arrive, and it reduces the risk of your money ending up in the hands of fraudulent sellers.
3. Think twice before clicking on email links
One of the quickest routes to accidentally downloading malware is clicking on links in emails or opening attachments. Be cautious when you open emails: if they don't look legitimate, don't risk it.
Experts say this also applies to forms that arrive with emails asking you to enter information, such as those claiming you have won a competition. Don't give away personal information in response to an email you weren't expecting.