The Information Commissioners Office (ICO) has warned organisations that they should be doing everything they can to keep the personal customer data safe, as more consumers become resigned to the fact that their private information is being collected by private firms.
A YouGov survey, found that 72% of British consumers are worried about personal data such as email, chat logs, files and pictures being accessed, prompted the ICO to tell businesses that ultimately it is their responsibility to ensure customer data is secure.
With data breaches on the rise and their impact being predicted to affect companies for years to come, cyber criminals are continuously getting smarter about hacking their target systems.
Now that data protection regulations like GDPR are now in full swing, customer data protection should be prioritised more than ever by companies.
With that in mind, security company Sophos shares its expertise on how businesses can fulfil their responsibility to protect their customers.
1. Ensure you have effective endpoint, network and email protection that filters out spam, malware and dangerous file types.
2. Train employees to be suspicious of emails, especially those that contain attachments, and to report any unusual emails or attachment behaviour to the IT department straightaway.
3. Consider a patch assessment tool to ensure your operating system and applications are up to date with the latest security fixes. Most exploit kits see success due to exploits in software for which a patch is already available and just has not been deployed.
4. Install endpoint protection software and/or a secure web gateway that can identify and block exploit kits before they infect your systems.
5. Crooks want to capture more than just one user’s password and confidential files – they want access to your back-end databases, your PoS network and your testing network. Consider segregating your networks with next-generation firewalls that treat your internal departments as potentially hostile to each other, rather than having one big “inside” fenced off from the even bigger “outside”.
6. Put in place a device control strategy to identify and control the use of removable storage devices – not only does this prevent bad stuff getting in, with data loss prevention DLP, but it can also help stop personally identifiable information (PII) and intellectual property (IP) data from going out.
7. Implement full disk protection and encrypt sensitive data stored on servers or removable media for sharing with business partners.
8. Use application control to keep track of, and restrict, unnecessary software that reduces security without adding any needed benefit.
9. Implement a data protection policy which guides employees on how to keep personal data secure.
10. If you move to the cloud make sure that the ability to encrypt the data – both in the cloud and also when being transferred – is a must.