Thanks for following Cyber Security Awareness Week! We’ve covered several important topics in a short space of time, and many can cross over with each other. On the final day we’re looking at personal data security and how to avoid a breach. Research suggests that cybercrime is a major cause of data breaches; the number one cause being phishing attempts.
Since GDPR came into force in 2018, ‘data protection’ has been the phrase on everyone’s lips. Recently the Information Commissioner’s Office (ICO) issued intentions to fine British Airways (BA) and Marriott International for breaches both caused by poor cyber security. BA were hit with a potential fine of £183million after the data of 500,000 customers was breached through a spoof site. The ICO’s investigation found that poor security arrangements in some systems (e.g. card payments and login) had led to the cybercriminals being able to create a fraudulent site that customers were directed to. The information they input into this site was harvested by the fraudsters.
Marriott International were issued with the intention to be fined £99million following a cyber security incident in 2014, which was not discovered until 2018. At the time, the hotel group was covered by Starwood, and the ICO found that Marriott International did not undertake sufficient due diligence and should have done more to ensure the security of their systems when they bought out the group of hotels.
Remember the key warning signs of phishing, which were covered in day one of Cyber Security Awareness Week; this is known to be a leading cause of data breaches. Typically, the cybercriminal will send an email asking for username and password, dressed to look like it came from a legitimate employer. They then gain the details to access customer data from mass databases. Personal data is thought to be the most valuable asset to cybercriminals. It can also be harvested through malware or ransomware, covered in day two, or via unsecure passwords which can easily be hacked to gain access to systems.
Have I been hacked?
This site can tell you if your email address has been compromised in any breaches: HaveIBeenPwned
If one of your account passwords has been potentially compromised, then you should change it ASAP. Be very careful of clicking on any link in an email which will take you to a website to change your password. If possible go directly to the website from your web browser, using the organisation’s authentic URL.
To look at any topics covered this week, follow our social media below or click this page on our website: