Comments by: Gary Gardiner, Head of Security Engineering, Asia Pacific, Check Point Software Technologies
The incident with a Singapore electronics retailer highlights the importance of encrypting data, and is a reminder for businesses to look into their data loss prevention solutions. This will assure customers that their data remains safe, and the company does not risk losing credibility in the event of a breach. Companies can consider solutions with the following capabilities:
- Tracks and controls any type or format of sensitive information in motion, such as e-mail, web browsing and file sharing services.
- Educates and alerts end-users on proper data handling without involving IT/security teams, and allows for real-time user remediation.
- Centrally managed across your entire IT infrastructure from a single console. Leverages out-of-the-box best practice policies.
On the consumer end — What happens when a company you are a customer of experiences a data breach and your personal information might be exposed? The following are some of the steps to take:
- Change all your passwords immediately. Be sure to use a strong passwords. A password manager can help you with this.
- Enable two-factor authentication where available. This is essentially is a 2-step verification process.
- If you believe your personal credentials such as social security or driver’s license information has been leaked, apply for a new one with a new number through your relevant local authorities
- If your credit card details have been stolen, contact your bank to block your credit card and replace it with a new one.
- Be more vigilant when it comes to trusting links in emails and SMSes sent to you, especially if your email address or mobile number has been leaked. Scammers could use this for phishing attacks. In addition, be mindful about scam calls.
- Install security software on your devices to protect you from malware, prevent data theft and keep you safe while you visit sites and transact online.
Lastly, here are also some tips for customers to avoid becoming a victim:
- Read up on data privacy practices and engage with vendors with only the right amount of information necessary. Restrict certain services to specific numbers/email-IDs, and where possible, enforce parental controls on children’s accounts and devices.
- It is important to use a mobile platform that emphasises privacy and data security – choose a brand that does not monetise your data.
- Install AV/malware protection applications on your mobile devices as well as keeping your device OS and apps up-to-date to benefit from the latest security fixes.
- When it comes to online accounts, use strong passwords with help from password managers, and enable two-factor authentication at every opportunity.
- Install only apps from official app stores. Evaluate and restrict access to your contacts, location-data, clipboard etc. – for all apps on your phone, especially social media apps that are the worst offenders – be very, very restrictive.
- Apps need to have access only to data they need. Also, uninstall unused/unnecessary apps.