In response to the news today that Singapore Airlines has suffered a software glitch that exposed customer data, please see below for comment from Kaspersky Lab.
“While the sum of customers affected by Singapore Airline’s data breach is not large, the fact that sensitive details such as passports and email addresses were accessed is particularly worrying. Customers whoentrusttheir privateinformation to the care of a business should be safe in the knowledge that their data is being kept in a secure manner– and this breach, which was caused by aone-off software bug,has exposed some of the airline’s most loyal customers.
“It’s commendable that Singapore Airlines has taken the necessary precautions to inform its customers in response to this breach, as well as reporting the breach to the Personal Data Protection Commission (PDPC)– but the company must ensure that thesecurity solutionsin placesignificantly mitigate the risk of a successful attackas much as possible. there are also other measures that businesses can take in order to provide thorough protection. These measures include running fully updated software, performing regular security audits on their website code and penetration testing their infrastructure. It’s crucial that businesses ensure that all passwords are protected using secure hashing and salting algorithms. The best way for an organisation to combat cyber-attacks is by putting in place an effective cybersecurity strategy before that company becomes a target.”
To ensure consumers can avoid being caught up in a data breach, Kaspersky Lab advises the following:
- Secure your all devices using Internet security software.
- Make sure you apply security updates to your operating system and applications as soon as they are available.
- Only use secure sites. Look for a URL beginning with ‘HTTPS://’ – that’s ‘S’ for SECURE. Look also for a closed padlock on the web browser’s address bar – by clicking or double-clicking on it you will be able to see details of the site’s security.
- Use a unique password for every online site – use a mixture of letters, numbers and special characters and make sure they’re at least 15 characters long.
- Don’t click on random links in e-mails – it’s better to type in a URL yourself, to avoid the risk of ending up on a phishing site. If a deal seems too good to resist, go directly to the website to find it, rather than click on the link, to be sure.
- Stick to familiar brands that you know or have heard of. But even then you need to take care – criminals often deliberately misspell the name of their fake websites to make it look like a familiar top brand company.
- If you do buy from a new vendor, research it carefully. A good test is to see if they can be contacted if the order goes wrong – look for an e-mail, a phone number, an address and a returns policy. A vendor’s feedback history is another good sign of their honesty and reliability.
- Use extra caution when using your mobile device for online purchases. Shortened URLs, often used because they are phone-friendly, can hide the fact that they lead to a risky site. If you have to make a transaction then and there, switch Wi-Fi off and use mobile data. Otherwise wait until you are back on a secured connection.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.