What consumers and businesses need to do in the event of a data breach
Commenting on a recent data breach of an online discount website, Stewart Room, head of data protection and cyber security at DWF, highlights what consumers and businesses need to do to protect and overcome a data breach. He said:
"This data breach reminds consumers once again that their personal data is always at risk when in the possession of the companies they share it with, due to the threats that companies face on a daily basis from malware, hackers and criminals. Consumers would be wise to think about the risks before sharing data. There are steps that they can take to protect themselves better, such as using strong passwords when they register for online services and refreshing them regularly, providing ‘dummy’ data in non-essential situations, looking for indications of reasonable security at the company’s side, such as the use of https in the browser and, of course, having up to date security software on their personal devices.
"In this case, while the organisation involved advises its customers not to change their passwords, it still might be wise for them to do so while the facts of the case are still unclear. The people affected may also want to keep an eye out for statements or advice from the Information Commissioner and of course, they should be wary of their emails being used for fraudulent purposes, such as phishing attacks. They should also think about monitoring their bank accounts for unusual activity."
What does this mean for businesses?
Stewart said, "Businesses cannot avoid all cyber security risks, but there are many steps that they can take to reduce their vulnerability and to mitigate damage after an incident. Undertaking a security and threat vulnerability assessment is a key first step to understanding risks. Where customer data includes personal identifiers, its use should be minimised and encrypted. A serious compromise of security is not just an operational challenge, but it also damages customer trust and confidence and can lead to very serious legal and regulatory consequences.
"Acting quickly once an incident is detected is vital. Undertaking a proper investigation into what has happened, is key as this will enable the causes to be properly understood and addressed, enabling appropriate containment and then strategies deployed to be deployed. Understandably, access to the vulnerable data needs to be restricted as soon as possible and notifying the people affected, the regulator and the authorities must be on the agenda from the moment of incident detection."
When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. We mainly use this information to ensure the site works as you expect it to, and to learn how we can improve the experience in the future. The information does not usually directly identify you, but it can give you a more personalised web experience.
Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change permissions. However, blocking some types of cookies may prevent certain site functionality from working as expected
These cookies let you use the website and are required for the website to function as expected.
These cookies are required
Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.
They may also be used to personalise your experience on our website by remembering your preferences and settings.
These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.