BreachExchange mailing list archives

Breach of Data Security: Protect your Small Business


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 27 Jul 2015 17:59:14 -0600

http://www.freshbusinessthinking.com/business_advice.php?CID=0&AID=15229&Title=Breach+of+Data+Security%3A+Protect+your+Small%#.Vbaiw7NViko

Hacking is once again in the news after the adultery site Ashley Madison
suffered an attack by the “Impact Team” that claims to have stolen details
of names, addresses, credit card details and sexual preferences and
threatens to publish them unless the site is shut down.

Chris Froome, the Sky cycling team rider and favourite to win this year’s
Tour de France, has allegedly had his training files hacked into, and
allegations are now circulating that the data is only consistent with using
performance-enhancing drugs.

Ashley Madison and the Sky cycling team are just the latest in a growing
list of high-profile companies that have had their systems hacked into. In
2011...

...Sony announced the loss of PlayStation customer data and Apple announced
that it had been hacked in February 2013.

In April 2013 the Department for Business, Innovation & Skills (BIS)
published the results of a survey it carried out, which showed that 93% of
large businesses (employing more than 250 people) and 87% of small
businesses had reported a security breach in the previous year.

These attacks can come from both inside and outside the business, caused by
staff or unauthorised outsiders. One in 10 large organisations had had
confidential information or intellectual property stolen.

The Information Commissioner's Office has said that the security provisions
within the Data Protection Act 1998, in particular the 7th data protection
principle, include cyber security and the need to protect personal data from
cyber security vulnerabilities, including cybercrime.

The ICO fined Sony £250,000 following the hacking of its PlayStation
network in 2013, in March 2014 fined the British Pregnancy Advice
Service £200,000 after it was hacked, and in October 2014 fined Worldview
Ltd £7500 after it suffered an SQL injection attack.

Any business that retains information about its customers, especially
credit card and/or financial details, represents a target for hackers and
needs to make sure that it is cyber secure, or it risks facing claims for
breach of contract/negligence from its customers or suppliers (including
credit card companies seeking to recover the costs of cancelling and
reissuing credit cards and reimbursing cardholders for fraudulent use of
their details) as well as fines from the ICO.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 