Proper Inter. Security Guidelines Need To Be Implement To Avoid Data Breach

Posted on

.puters-and-Technology .panies have to sufficiently protect their customer or employee records in order to avoid lawsuit. One way is to provide proper ethical hacking training programs to IT staffs to avoid the time and costs associated with a prolonged legal battle. IT staffs who properly equipped with ethical hacking skills will be able to defend .puter network from being hacked The Briar Group, which operates a chain of restaurants in the Boston area, had to pay $110,000 for failing to take reasonable steps to protect credit card data belonging to thousands of customers. In April 2009 intruders broke into a Briar Group .puter and installed malware designed to steal credit and debit card data. However, the malicious software wasn’t removed in December. 2009. The lawsuit filed was related to the .promise stemmed from The Briar Group’s failure to take adequate steps to protect card holder data. The state office noted that The Briar Group used default usernames and passwords on its point-of-sale systems and allowed multiple employees to use .mon usernames and passwords. The .plaint also alleged that The Briar Group failed to properly secure its wireless network and remote access to its systems. As part of the settlement, the Briar Group had to agree to implement a strong password management system at each of its restaurants and to .ply with the Payment Card Industry Data Security Standard. Early this year, the Online Trust Alliance (OTA) released its 2011 Data Breach Incident Readiness Guide. The guide addresses emerging security and privacy threats, providing prescriptive guidance and questions every executive should ask to help businesses in breach prevention and incident management. According to Craig Spiezle, Executive Director and President of the Online Trust Alliance, "In the past 5 years, over 525 million records containing sensitive personal information have been .promised, significantly undermining the foundation of consumer trust," said. "With the onslaught of criminal and deceptive business activities, we are calling on business leaders to develop a readiness plan. Those failing to act may be faced with increased public scrutiny, regulatory pressures and a tarnished brand reputation." Last year, over 400 incidents were reported impacting over 26 million records for a cost to U.S. businesses of over $5.3 billion dollars. Of these, 98% were a result of a server exploit. OTA indicates a great majority of breaches continue to occur undetected or unreported and the data reported is just the tip of the iceberg. In a separate incident, the personal information of 13,000 individuals who had filed .pensation claims with BP after last year’s disastrous oil spill may have been potentially .promised after a laptop containing the data was lost by a BP employee. The information, which had been stored in an unencrypted fashion on the missing .puter, included the names, Social Security numbers, addresses, phone numbers, and dates of birth of those who filed claims related to the Deepwater Horizon accident. BP said in a statement that the personal information had been stored in a spreadsheet maintained by the .pany for the purposes of tracking claims arising from the accident. "The lost laptop was immediately reported to law enforcement authorities and BP security, but has not been located despite a thorough search," BP said on Tuesday. BP has sent written notices to victims informing them about the potential .promise of their personal information and to offer them free credit monitoring services, the statement noted. The BP .promise is only the latest in a very long list of similar breaches involving the loss of unencrypted personal data stored on laptops, and mobile storage devices. Data breaches are very .mon these days, and many .panies are not disclosing. One way to mitigate inter. security risks is with technical security training. EC-Councils brand new TakeDownCon information security conference series, offers training sessions of the worlds best ethical hacking training program, the Certified Ethical Hacker (CEH). About the Author: 相关的主题文章: