See http://www.computerweekly.com/news/4500260119/Wetherspoon-pub-chain-warns-customers-of-data-breach for a good update
Some simple issues
1. In a breach, even if full financial data is released the data can be used to "con" victims into releasing other data. Using "Social Engineering" offenders may be able to act as if they are your bank or credit card company and illicit data that could compromise your personal financial security. Have a look at www.getsafeonline.org the UK primary site for cyber security
2. If you are a CEO or Chair of a company, anticipate that you will be in the front line in the event of a breach. In all cases, the top of the organisation has to become the voice of the business. Do you as a company think about how you would cope in the event of an attack, do you exercise or test your processes. for large organisations see www.cybx.org for a very sophisticated approach
3. At board level, do you understand what your IT staff do, have you seen a Firewall in action, do you know the parameters and policy for managing your data? Have your managers and supervisors engaged in creating a common understanding of your technological needs? Do you have access to effective and available technical staff when it goes wrong?
Wetherspoons CEO John Hutson has apologised quickly and rectified as well as identified that the breach could not occur again. The ICO no doubt will have further questions as will the media and shareholders, time spent preventing will ofen far outweigh the costs and time of investigating.
Who's next?
No comments:
Post a Comment
For help adding links see How to add in line links