Facebook’s plain text misstep, and other password sins

Two days after an article by Brian Krebs disclosed that hundreds of millions of Facebook account passwords had been stored in plain text for years, Facebook released a statement indicating they hash and salt passwords, more or less in accordance with industry best practice. Plain text storage of credentials is a fairly egregious security misstep, but there’s a variety of other ways … [Read more...]

Top 5 tips for tackling the rising threat of data breaches

Cyber security is a daunting topic. Every week there’s a new big data breach, experts are constantly warning that “you’re next”, and the threat of fines and other disciplinary action under the GDPR (General Data Protection Regulation) lingers over all of us. To help you understand how to address these issues, IT Governance Director Steve Watkins gave us his top five tips for staying … [Read more...]

Houzz data breach: Why informing your customers is the right call

Houzz is an online platform dedicated to home renovation and design. Today (February 1, 2019), they notified their customers about a data breach that reportedly happened in December 2018. Data breaches unfortunately have become a common event. In fact, we dubbed 2018 the year of the data breach tsunami. Also Houzz is not a giant corporation with millions of customers. So why are we writing about … [Read more...]

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person … [Read more...]

Marriott breach impacts 500 million customers: here’s what to do about it

Today Marriott disclosed a large-scale data breach impacting up to 500 million customers who have stayed at a Starwood-branded hotel within the last four years. While details of the breach are still sparse, Marriott stated that there was unauthorized access to a database tied to customer reservations stretching from 2014 to September 10, 2018. For a majority of impacted customers (approximately … [Read more...]

3 cyber security threats you need to prepare for

The key to reducing the damage that data breaches can cause is to spot them quickly. Ponemon Institute’s 2018 Cost of a Data Breach Study found that, on average, organisations that identified a breach within 100 days saved more than $1 million (€880,000) per incident. But to be able to spot a data breach you need to know what to look for. In this blog, we break down five common causes of data … [Read more...]

6 ways your organisation can suffer a data breach

Data breaches aren’t only the result of crooks breaking into organisations’ systems and stealing files. They occur whenever sensitive information is accidentally or unlawfully destroyed, lost, altered, disclosed or accessed. This blog explains how each of the scenarios might take place and provides advice for staying secure. Cyber attack Let’s get the obvious one out of the way. Crooks can … [Read more...]

How to tackle the most common causes of data breaches

Data breaches have serious financial and reputational consequences, but the faster you respond to an incident, the less severe the damage will be. In order to respond promptly, organisations need to understand and prepare for the threats they are most likely to face. These typically fall into two categories. The first, external threats, refers to breaches caused by cyber criminals or third … [Read more...]

The GDPR: When do schools need to report data breaches?

As you should by now be aware, all organisations that process EU residents’ personal data must comply with the GDPR (General Data Protection Regulation). The Regulation intends to unify data protection requirements among EU member states and give individuals more control over the ways their data is used. As a result, the rules for processing personal data have become a lot stricter. This has … [Read more...]

Portuguese hospital appeals GDPR fine

A Portuguese hospital is preparing a legal challenge to appeal two fines totalling €400,000 levied under the GDPR (General Data Protection Regulation). at the Centro Hospitalar Barreiro Montijo (CHBM) were raised in April 2018 when the Sindicato dos Médicos da Zona Sul (Medical Workers Union of the Southern Zone) reported that non-clinical staff were using ‘medical’ profiles to access CHBM’s … [Read more...]