Last week, payday loan company Wonga announced it had suffered a data breach which could affect up to 245,000 UK customers.
The information stolen by hackers includes names, addresses, phone numbers and bank account details.
Professor Alan Woodward, a cybersecurity expert at the University of Surrey, told the BBC “it was looking like one of the biggest data breaches in the UK that involved financial information.”
This isn’t long after the TalkTalk cyber-attack which resulted in the internet provider receiving a record fine of £400,000 last year.
As such a large organisation, Wonga certainly has a duty of care to its customers to protect their confidential details, and by shirking its cyber-security responsibilities, it seems it has failed to do so.
Here at Altodigital we’ve looked at some ways large companies could work to protect their UK customers:
1) Penetration testing
Penetration tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organisation’s security policy compliance, its employees’ security awareness and the organisation’s ability to identify and respond to security incidents.
Tests can vary from ‘Targeted Testing’, in which the company’s IT team and the penetration testing team work together, to ‘Double Blind Testing’, in which only a single person in the company knows about the test and it is run as if it were a real hack.
2) Make sure your cybersecurity is as tight as possible
Make sure that whatever software your company uses is fully up to date, and read up to make sure that everything is covered. Maybe you need to increase your security plan or need a new supplier completely. It will be a small price to pay to make sure data is safe.
3) Keep an independent backup of the files
Keeping an updated copy of files (even if it is only updated weekly) in a separate location away from the current server system can mean that they’re protected even if something like this does happen again.
4) Security scan their computers
Having the top cyber-security software on your computer is certainly beneficial, but if your staff aren’t using it to its full potential, it won’t help at all. Running a security check can be inconvenient, especially if the software slows the computer down whilst it is performing the check. However, these checks need to be conducted weekly to ensure that all files and documents that the staff are using are completely safe.
5) Protect the mobile work force
The way we work has completely changed over the past 10 years. With the proliferation of the smartphone, more of Wonga’s staff can work away from the office – and away from the protection of their network security. When someone works out of the office, they work ‘in the open’, so it is important to ensure that their mobile technology is as secure as possible. See our blog post on the truth about public WiFi for more information.
6) Implement a multiple-security-technology solution
Viruses that corrupt data are not the only security threat. Hackers, and their attacks, are more sophisticated than ever, and it is critical to have multiple layers of security technology on all the different devices (including each desktop, mobile device, file server, mail server and network end point) to comprehensively secure their data. This layered security will block attacks on their network and/or alert them to a problem so that they (or the IT expert) can take appropriate action.
Securing your business’ data is not easy, and it takes expertise. However, you can implement very practical and simple solutions (such as these tips) to ensure that when a hacker sniffs around your network, they will move on to another victim – because your infrastructure is not worth the trouble of hacking into.
For more information about how to protect your business, email firstname.lastname@example.org