[BreachExchange] Information Theft: Don’t Help the Cyber Criminals

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jun 2 18:55:42 EDT 2017


http://technofaq.org/posts/2017/05/information-theft-
dont-help-the-cyber-criminals/

You care about the financial security of your customers because you care
about them, their trust in you, and want their continued business. But with
possible vulnerabilities from the front-end receiver to customer
information stored in the cloud, a security guarantee is hard to promise.
There are a lot of things you can do to help your customers, whether it’s
keeping their data in the cloud, training your staff to handle it better,
or creating a more secure system for taking payments.

Storing Customer Information In the Cloud

Once you get your customer’s financial or personal information, storing it
in a cloud-based security system can help you maintain your customer’s
information, while also reducing accidental internal attrition of
information. Cloud based information storage can also reduce the risk of
hacking, since if setup properly, it removes customer information from the
onsite platform — which could be easier to hack.

While it’s important to put your customer information in a “digital safe”
it’s also vital to find a cloud service that integrates with your software,
is easily accessible, and that your employees can use to easily help your
clients. Employees who can comfortably and securely access client data from
the cloud will help your customers stay safe, as many data breaches come
from human error.

Human Errors

Much of your client data loss will come from internal errors, whether a
client facing element is skimming, or a member of management opens a
sketchy attachment while logged into all their accounts. Training your team
to handle information properly and how to recognize potential attacks will
help you maintain your client’s information security. That might be
disallowing download access for certain people, allowing people to ask
questions in case they think something is off, or teaching them not to open
any links from people they don’t know. Information security is a human
issue more than it is a technical one. Teaching your people how to handle
information in a secure way is one of the best methods of preventing data
loss.

Give an Online Option

Humans are the most likely origin of data loss, especially if you’ve moved
to a secure online program. Cyber crime happens, but it’s more likely
through a bad download than it is to come from an attack on a secure,
well-encrypted cloud.

If you have a great software and cloud provider, your online sales will
probably one of the most secure ways for your clients to make payments,
change account information, or give you information. That being said,
confirming your customer’s identity online definitely needs to be on the
forefront of your thoughts. Their information could have been stolen from
elsewhere, and you may not even actually be dealing with them. Confirming
their identity could include security questions, an uploaded driver’s
license, or an email address verification.

If you heavily rely on online options to maintain information security, be
sure that your site has a malware monitoring service, encrypts information,
and that you have a backup-plan just in case your site gets attacked (or
could be at risk). No one wants to risk it all on returning to a sketchy
site.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170602/af5f0869/attachment.html>


More information about the BreachExchange mailing list