If you’ve been paying attention to the latest trends in IT, you may have noticed that hacking attacks and identity theft are growing problems many businesses have to deal with.
Several recent high-profile hacking attacks may serve as a reminder to companies about the importance of having robust policies in place with regard to login details.
In one case, some users of Dropbox were caught out after hackers were able to use username and password details stolen from other sites to gain access to the cloud storage service.
The firm responded by adding extra security measures to close the vulnerabilities this created. New features include two-factor authentication and additional automated mechanisms to detect suspicious activity.
In a blog post, Dropbox also urged users to improve their online safety by ensuring they use unique passwords for all their online accounts.
The company said: “Though it’s easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk.”
Elsewhere, Amazon has sought to tighten its security procedures after a hacker discovered the site allowed people to change account settings over the phone, as long as a caller could provide their name, email address and mailing address.
As all of these may be easily found online, it resulted in a hacker gaining access to the account of Wired reporter Mat Honan. This meant they could view select credit card information, which in turn allowed them to steal more personal data.
Marie Johnson, Marketing Manager at NetBenefit, gives the following tips for password protection.
What these attacks demonstrate is that many people may be vulnerable to identity theft if they do not take care with their account information. However, there are several key steps they can take to minimise this risk.
Central to this is thinking carefully about the usernames and passwords you use to log in to accounts. For example, if you’re using an email address as your username, this may not be secure, especially if the address is available elsewhere on the internet. Similarly, using easy-to-guess or repeated passwords should be a big no.
As it may be difficult to remember multiple passwords, taking advantage of a password manager such as 1Password or LastPass could be highly useful. However, if you do this, you’ll need to make sure your master password and username are especially strong to avoid putting all your sites at risk.
Communication is one of the most important tools in business and is a skill integral to every role within an organisation. Communication ensures everyone in a team has a clear understanding of their responsibilities in contributing to completing any task. Communication ensures customers are at the centre of discussions for the initial scoping of their solution, through service delivery, to daily support and management. Communication ensures we work at enhancing processes, doing things smarter and more effectively. Communication is key to a successful, thriving business. Therefore the theme of communication was the ideal focus for a day linking up with our new colleagues in Southampton.
First stop was the PEER 1 state-of-the-art data centre facility in Portsmouth.
The data centre has been designed especially with flexibility and scalability in mind and has impressive green credentials. Modular ‘pods’ mean the use of space can be customised based on requirements. 11MVA of available power more than meets the needs of high performance computing. A revolutionary cooling system called Excool results in an amazing Power Usage Effectiveness ratio of 1.1 and makes the building the most energy-efficient data centre in the UK. The data centre goes beyond ticking the boxes. There’s attention to detail and the highest standards in every aspect of the site from security to client build rooms.
We then headed to Ocean Village in Southampton to meet more of our peers aboard the Princess Caroline. We all went through acting exercises demonstrating communication and working together. By lunchtime we all knew a lot more about each other. The seriously hard work of assimilating the complexities of communication (aka fun) continued in the afternoon when we had the opportunity to act out our favourite joke. Have you ever tried that before? I would urge you to – it’s very very funny. Often even more hilarious than the joke itself! We were still laughing as we made our way across to the PEER 1 offices where we were given yet another extremely warm welcome – inclusive of streamers, cake, more cake and a quick game on the pool table – before heading back to London. Whether or not it’s got something to do with overlooking a beautiful marina, there’s definitely a creative atmosphere at the Southampton office.
We all communicate with our customers and peers on a daily basis. We can achieve more and have a sense of a job not just done well but a job done exceptionally well if we communicate well. During the day with the fantastic team in Southampton there were so many exciting and expressive ways in which we were communicating and that really thrills me about the future as part of PEER 1 hosting.
Written by Caroline Skene
If your company is handling cardholder data, one of your top priorities may be becoming certified as PCI DSS compliant to reassure your customers and partners you are fully secure. This may be a complex and intimidating process for some firms, particularly smaller organisations that do not have the resources to dedicate to the process.
If this is the case for you, you may benefit from NetBenefit’s new ‘Snakes and Hackers’ infographic, which offers several tips to businesses looking to become PCI compliant, as well as highlighting some common pitfalls to be avoided. In it, we use the familiar board game to illustrate the essential steps you must take to successfully complete the process.
This is critical in the current environment as, with the number of cyber attacks on the increase, having a fully secure system has never been more important for companies doing business over the internet.
But if you think PCI compliance is just for large firms, think again. Online retailers of all sizes now need to prove they are working towards this goal, as many payment service providers will not work with merchants that are negligent in this area. Therefore, the Snakes and Hackers infographic could be a valuable tool to companies seeking to understand exactly what they need to do in this area.
NetBenefit Marketing Manager Marie Johnson explained: “Small and medium-sized businesses that are unsure of what the PCI DSS process requires may look to take advantage of the ‘Snakes and Hackers’ infographic, as it offers a comprehensive overview about what they need to do to ensure customer information is kept fully secure.”
“Businesses are reminded of key steps such as the importance of keeping their anti-virus software up-to-date and testing their processes on a regular basis, as well as maintaining a robust security policy across their business. These elements are vital, as companies that neglect to conduct a quarterly review of their network may be putting their PCI DSS compliant status in jeopardy if they fail to respond to the latest threats facing the sector.”
You may think becoming PCI compliant sounds like too much effort, but the increasing number of security breaches means it is almost inevitable a business will come under attack sooner or later.
Therefore, if your firm does not have procedures in place to guard against this eventuality, it may see significant consequences, both financially and in terms of reputational damage.
Following the simple tips and processes laid out in the ‘Snakes and Hackers’ infographic will help you get on the road to becoming PCI compliant and ensure your systems are fully prepared for whatever attacks they may face.
Marie continues: “As we are one of the UK’s few Level 1 PCI DSS certified service providers, you can rest assured you will receive the highest quality advice and assistance when partnering with us to achieve PCI compliance.”
Putting aside comments about only accepting cookies if they are double chocolate chip and associated with a cup of hot coffee, the EU Cookie Law, which comes into force on 26 May, is a significant change for online businesses, impacting user experience across the majority of websites on the Internet. The Law originated from amendments to the EU Privacy and Electronic Communications Directive made in 2009 and was imported into UK law in May 2011. UK companies were given one year to comply. The aim is to ensure that any organisation collecting information from a web user must request their consent first. With a recent KPMG study indicating that 95% of websites are not yet compliant with the new law, how should organisations approach this challenge and what issues need to be addressed? Companies face fines potentially as high as £500,000, so how much time and resources should be invested in achieving compliance?
Qubit has reported that the law will cost the UK Internet economy as much as £10 billion if compliance is implemented poorly or incorrectly. With the Information Commissioner’s Office (ICO) introducing a level of flexibility into their guidance and many issues open to interpretation, there does seem to be a requirement for clarification, especially around the nature and timing of consent. A cookie associated with core website features, e.g. one related to the shopping basket within an ecommerce site, will likely be compliant without changes since the user has made an explicit request. However, a cookie utilised to present a selection of online adverts to a user based on their previous browsing history would require provable, informed consent. Organisations will have to consider the impact of such a break in the flow of the user journey through the site on brand experience and, subsequently, revenue. As an example, ICO have been trialling such an explicit ‘accept cookies’ feature on their own site (http://www.ico.gov.uk/) with just a 10% opt-in rate. However, ICO’s guidance does muddy the waters slightly by stating that in some cases inferred consent is acceptable and, further, that consent does not necessarily have to happen prior to placing the cookie on the user’s computer; it can happen at a point soon after.
Organisations will need to work with their web developers and designers to decide on a strategy towards compliance. Activities such as cookie audits are beneficial and demonstrate a practical and constructive attitude. If a business utilises cookies for targeted advertising or personal recommendations to its online users, then it will need to identify a solution which both satisfies the ICO and does not negatively affect its customer base. Affiliate marketing, which relies on cookies to record where users see specific brand promotions, may be another area heavily impacted by the law. Large organisations may have the resources to assign to such projects; however, smaller online businesses may not.
With this level of uncertainty, it’s no wonder most organisations are expected to take a wait-and-see approach. It is probable that initial enforcement by ICO will focus on situations where no attempt has been made to notify users, and that even then reasonable timescales in which to take remedial action will be applied. Regardless of the exact nature of the changes applied to websites under the new law, Internet users can expect to be hearing and having to understand a lot more about cookies in the future.