Data Breaches Add Urgency to Demands for Security Code of Conduct - Security - News & Reviews - eWeek.com

Prompt Notification: What Sony Didn’t Do

May 26, 2011


Prompt Notification: What Sony Didn’t Do

1

Companies should disclose the breach swiftly if names and identifying information such as Social Security numbers and passwords are exposed.


Disclose What Exactly Was Stolen

2

Customers should be told the extent to which their personal and financial information has been compromised so that they can assess their risk (phishing, identity theft, bank fraud) and decide on the next steps to take.


Free Credit Monitoring Services

3

Even though monitoring services aren’t foolproof, they are a good line of defense against identity theft and potential fraud. Companies should offer two years of monitoring services for free in the event of a data breach.


Encrypt Sensitive Data

4

Not all data needs to be encrypted, but highly sensitive data should be, and encryption keys and applications using the data should be protected.



Protect the Encryption Keys

5

It’s not enough to hash or encrypt the data; make sure the algorithm being used is secure and not obsolete. Don’t keep the keys on the server, or any intruder with access to the server will have the keys.


Limit Data Collection

6

Companies should not collect more sensitive data than is needed to conduct a given transaction and should not retain it any longer than is absolutely necessary.


Know the Risks and Protect

7

Organizations need to perform risk assessments so that they know exactly where sensitive data is stored and can protect it from direct Internet traffic.


Check the Applications

8

Many applications are still vulnerable to SQL injection and cross-site scripting attacks. Regularly test the application and audit changes to ensure there are no security holes exposing data.


Patch, Update Software Regularly

9

Some of the recent data breaches happened because the administrators hadn’t installed security patches or updated to the latest version of the software. Patches close vulnerabilities, so install them.


Consumer Data is Valuable

10

Consumer data should be handled as if it were the most valuable resource in the company. Don’t leave paper records in unlocked filing cabinets, and don’t make it easy for anyone to access data. Security should not be an afterthought.
