Data breaches are becoming a regular occurrence and are now increasingly high profile, covered heavily within the media. Not only are such breaches causing businesses excessive financial loss, they are also causing great reputational damage, which is arguably more detrimental to a company’s overall success.
Take, for example, the recent data breaches at large organisations such as online dating site Ashley Madison and holiday firm Thomson, both of which heavily affected the already dwindling trust consumers have in businesses. The level of security businesses are applying to our all-important data is more in doubt than ever. In fact, a recent survey from Elitetele.com revealed that a massive four in five consumers aren’t confident that their financial information is secure when dealing with big brands. Despite this, many of us willingly give up our financial information with no questions asked, simply because we feel as if we don’t understand enough about security.
However, there is more we can do, and we have more power than we think in securing our data. Yes, it may be considered largely a business’s responsibility to protect this for us, but there are a few steps we can take as consumers to help protect our sensitive information. Asking the right questions at the right time will help you to be more aware of what measures a business has in place to secure your data before you part ways with it.
Try asking the simple questions below early on to help you ensure the company you’re dealing with has the capacity to store your money correctly and compliantly:
- Are you using vendor-supplied defaults for system passwords and other default security parameters?
If businesses are using default passwords and not setting new and secure ones, they may be opening themselves up to data breaches and hacks. To support this, the recent Verizon Business Data Breach Investigations Report found 97% of data breaches are due to weak passwords as well as using outdated software versions[i]. The businesses you engage with as a consumer should have strong and secure passwords in place to gain access to your information.
- What measures are in place to protect my cardholder data?
Measures businesses may take could include restricting access to data to a need-to-know basis, as well as monitoring and verifying users who access this data. In addition to this, businesses should be regularly testing security systems and processes to check for vulnerabilities. Robust measures should be put in place to ensure your data isn’t left exposed to prying eyes, internally or externally.
- Do they use and regularly update anti-virus software or programs?
Anti-virus software is vital to protecting businesses from unwanted malware and viruses that can infect business systems. The recent attack on dating site Matchbox.com was the result of hackers installing malware on its system[ii]. This highlights why it is essential for businesses to ensure anti-virus software is up to date to tackle potential attacks that can put your important data at risk.
- Do they develop and maintain secure systems and applications?
There are many different ways businesses can store your data. If the business doesn’t maintain these systems or the applications it uses to store and manage your data, it risks using out-of-date systems that aren’t sufficient to tackle new threats.
- Are the employees you engage with trained to ensure compliance is understood and implemented across the board?
Data security and compliance is no longer an issue just for the IT manager to worry about – it needs to be understood across the board. Your main point of contact will be the staff you interact with. If they are able to demonstrate an understanding of the processes involved in keeping your data safe, it offers peace of mind to you, the end user.
It can be easy to overlook some of these areas, but by asking some of the above questions, warning signs may be raised. Data breaches have become commonplace and businesses are constantly under the prying eyes of hackers. So don’t leave the full responsibility for your data’s security in the business’s hands. You can help protect the safety of your personal information by looking out for signs of compliance before divulging important financial information to brands.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.