The Information Commissioner's Office (ICO) recently warned organisations that they should be doing everything they can to keep the personal data of customers safe, as more consumers become resigned to the fact that their private information is being collected by private firms.
A YouGov survey, which found 72% of British consumers are worried about personal data such as email, chat logs, files and pictures being accessed, prompted the ICO to tell businesses that ultimately it is their responsibility to ensure customer data is secure.
With that in mind, security company Sophos shares its expertise on how businesses can fulfil their responsibility to protect their customers.
1. Ensure you have effective endpoint, network and email protection that filters out spam, malware and dangerous file types.
2. Train employees to be suspicious of emails, especially those that contain attachments, and to report any unusual emails or attachment behaviour to IT.
3. Consider a patch assessment tool to ensure your operating system and applications are up to date with the latest security fixes. Most exploit kits succeed by exploiting vulnerabilities in software for which a patch is already available but has not yet been deployed.
4. Install endpoint protection software and/or a secure web gateway that can identify and block exploit kits before they infect your systems.
5. Crooks want to capture more than just one user’s password and confidential files – they want access to your back-end databases, your PoS network and your testing network. Consider segregating your networks with next-generation firewalls that treat your internal departments as potentially hostile to each other, rather than having one big "inside" fenced off from the even bigger "outside".
6. Put in place a device control strategy to identify and control the use of removable storage devices – not only does this prevent bad stuff getting in, but combined with data loss prevention (DLP) it can also help stop personally identifiable information (PII) and intellectual property (IP) from going out.
7. Implement full disk protection and encrypt sensitive data stored on servers or removable media for sharing with business partners.
8. Use application control to keep track of, and restrict, unnecessary software that reduces security without adding any needed benefit.
9. Implement a data protection policy which guides employees on how to keep personal data secure.
10. If you move to the cloud make sure that the ability to encrypt the data – both in the cloud and also when being transferred – is on your core requirements list.
And… what consumers can do to protect themselves
1. Choose a good password – don't use data that other people know, such as birthdays or pets' names. Make passwords as long and complex as you can, ideally mixing up letters, digits and punctuation, so they are much harder to guess. Have a look at this video showing helpful tips on how to choose a password that's hard to guess but easy to remember.
2. When buying on eBay or other marketplaces, try to avoid paying funds directly into sellers’ accounts. Paying by credit card or PayPal generally gives you better consumer protection if the goods don’t arrive.
3. A very quick route to accidentally downloading malware comes from clicking on links in emails or opening attachments. Be cautious when you open emails – if they don’t look legitimate, don’t risk it.