IT Security & Network Security News & Reviews: Data Breaches Add Urgency to Demands for Security Code of Conduct

By Fahmida Y. Rashid  |  Posted 2011-05-26

Prompt Notification: What Sony Didn't Do

Companies should disclose the breach swiftly if names and identifying information such as Social Security numbers and passwords are exposed.

Disclose What Exactly Was Stolen

Customers should be notified to what extent their personal and financial information has been compromised so that they can figure out their risk (phishing, identity theft, bank fraud) and the next steps to take.

Free Credit Monitoring Services

Even though monitoring services aren't foolproof, they are a good line of defense against identity theft and potential fraud. Companies should offer two years of monitoring services for free in the event of a data breach.

Encrypt Sensitive Data

Not all data needs to be encrypted, but highly sensitive data should be, and the encryption keys and the applications that use the data must be protected as well; otherwise the encryption adds little.

Protect the Encryption Keys

It's not enough to hash or encrypt the data; make sure the algorithm being used is secure and not obsolete, and that hashes are salted and slow to compute. Don't keep the keys on the same server as the data, or any intruder with access to that server will have the keys as well as the data.
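
The two points above, a secure rather than obsolete algorithm and a safe way to move away from a weak one, are illustrated by the following added example. It is not code from the original article or from any company it discusses. It contrasts the unsalted MD5 scheme the article warns against with a salted, slow PBKDF2-HMAC-SHA256 hash from Python's standard library, verified in constant time, and shows how a legacy record can be upgraded transparently at the next successful login. The record format (`pbkdf2_sha256$iterations$salt_hex$digest_hex`) and the iteration count are assumptions for this example; scrypt or Argon2 are better choices where a vetted implementation is available.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Work factor, assumed for this example: OWASP's current guidance for
# PBKDF2-HMAC-SHA256 is 600,000 iterations; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000
DKLEN = 32


def legacy_md5(password: str) -> str:
    """The obsolete scheme the article warns against: unsalted and fast, so two
    users with the same password get the same hash and one cracked hash
    cracks them all."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, slow hash stored as a self-describing record. Record format is
    hypothetical: pbkdf2_sha256$iterations$salt_hex$digest_hex, so the
    iteration count can be raised later without invalidating old records."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS, dklen=DKLEN)
    return "$".join(["pbkdf2_sha256", str(PBKDF2_ITERATIONS),
                     salt.hex(), digest.hex()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters embedded in the record and compare in
    constant time. Anything that is not a well-formed record fails closed."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    try:
        expected = bytes.fromhex(digest_hex)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations),
                                     dklen=len(expected))
    except ValueError:
        # Malformed hex, non-numeric iteration count, or zero-length digest.
        return False
    return hmac.compare_digest(digest, expected)


def login_and_upgrade(password: str, stored: str) -> Tuple[bool, str]:
    """Transparent migration away from the obsolete scheme: a record that is
    still a bare MD5 hex string is checked against it once and, on success,
    replaced by a fresh salted record. Returns (login_ok, record_to_store)."""
    if stored.startswith("pbkdf2_sha256$"):
        return verify_password(password, stored), stored
    # Legacy record: constant-time compare, then re-hash with the current scheme.
    if hmac.compare_digest(legacy_md5(password), stored):
        return True, hash_password(password)
    return False, stored
```

Because the salt lives inside the record, two users with the same password get different records, and because the iteration count lives there too, the work factor can be raised for new records while old ones remain verifiable until their owners next log in and are upgraded.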

Limit Data Collection

Companies should not collect more sensitive data than is needed to conduct a given transaction and should not retain it any longer than is absolutely necessary.

Know the Risks and Protect

Organizations need to perform risk assessments so that they know exactly where sensitive data is stored, and then keep that data off systems that are directly exposed to Internet traffic.

Check the Applications

Many applications are still vulnerable to SQL injection and cross-site scripting attacks. Test applications regularly and audit every code change to ensure no security hole exposes data.
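
As an added example, not part of the original article, the following Python code shows both classes of flaw named above beside their fixes: a user lookup built by string formatting, which an attacker turns into a tautology or a UNION that reads password hashes out of the table, next to the same lookup as a parameterized statement; and a greeting that reflects user input into HTML unescaped, next to an escaped version. The in-memory SQLite table, its three accounts and their hash strings are constructed for the example and stand in for a real application's user store.

```python
import html
import sqlite3
from typing import List, Tuple

# Constructed sample accounts for this example (not real users or hashes).
SAMPLE_USERS = [
    ("alice", "pbkdf2_sha256$600000$a1b2$deadbeef", "alice@example.com"),
    ("bob",   "pbkdf2_sha256$600000$c3d4$cafebabe", "bob@example.com"),
    ("carol", "pbkdf2_sha256$600000$e5f6$0badf00d", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite table standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password_hash TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash, email) "
                     "VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Builds the statement by string formatting, so attacker input becomes SQL."""
    query = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Parameterized statement: the driver passes the value separately from the
    SQL text, so it is only ever compared as data, never parsed as SQL."""
    return conn.execute("SELECT username, email FROM users WHERE username = ?",
                        (username,)).fetchall()


def render_greeting_vulnerable(display_name: str) -> str:
    """Reflects user-controlled text into the page unescaped (cross-site scripting)."""
    return "<p>Welcome back, %s!</p>" % display_name


def render_greeting_safe(display_name: str) -> str:
    """Escapes <, >, &, and quotes so the browser treats the name as text, not markup."""
    return "<p>Welcome back, %s!</p>" % html.escape(display_name, quote=True)


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"
    # Closes the quote, appends a second SELECT over the hash column, and
    # reopens a quote so the statement still parses.
    union = "' UNION SELECT username, password_hash FROM users WHERE '1'='1"
    print("vulnerable, tautology:", find_user_vulnerable(db, tautology))
    print("vulnerable, union:    ", find_user_vulnerable(db, union))
    print("safe, same inputs:    ", find_user_safe(db, tautology), find_user_safe(db, union))
    print(render_greeting_vulnerable("<script>alert(1)</script>"))
    print(render_greeting_safe("<script>alert(1)</script>"))
```

The parameterized lookup returns nothing for either payload because the whole string is compared against the username column; only the formatted version lets the quote character change the statement's structure. The same pattern (bind values, never splice them) applies to every database driver, and contextual escaping on output is the equivalent rule for HTML.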

Patch, Update Software Regularly

Some of the recent data breaches happened because the administrators hadn't installed security patches or updated to the latest version of the software. Patches close known vulnerabilities, so install them promptly.

Consumer Data is Valuable

Consumer data should be handled as if it were the most valuable resource in the company. Don't leave paper records in unlocked filing cabinets and don't make it easy for anyone to access data. Security should not be an afterthought.