Data breaches trend continues in the new year
Very few things change much. Yet again the New Year has started with more data breaches: The Cattles Group, a Yorkshire-based finance company, lost two backup tapes containing information on around 1.4 million customers. Though this happened way back in November, they only recently informed the ICO, customers and employees about it.
The above incident is not isolated. Zappos, an Amazon-owned online shoe and apparel outlet retailer, had a major security breach in which hackers accessed the personal information of potentially 24 million of its customers. The personally identifiable information exposed included names, addresses, phone numbers and email addresses, as well as the last four digits of customers’ credit cards.
Criminals and hackers are out there not only to steal data to sell, but also to publicly embarrass and humiliate organisations. This means that every business collecting and processing personally identifiable information (PII) is susceptible to such risks.
Organisations – big or small – should put measures and controls in place to protect business information and thereby save themselves from adverse publicity and financial loss. All personally identifiable information held by an organisation should be identified, classified and documented. Further, access to PII should be controlled strictly on a need-to-know basis, with the flow of PII mapped and restricted. A simple starting point would be to conduct a gap assessment to identify gaps in the current security policies, practices and procedures against the compliance requirements.