Top IT data security threats revealed and what organisations must do to stop them

The Information Commissioner’s Office (ICO) has published a security report, “Protecting personal data in online services: learning from the mistakes of others”, providing best practice on how to avoid eight common IT security vulnerabilities that most frequently lead to data security breaches. The flaws include poor password storage, poorly designed networks in inappropriate locations, a lack of protection from structured query language (SQL) injection, poor decommissioning of old software and failing to update software. The report makes a number of recommendations including hashing and salting passwords, creating a well-designed security architecture, being aware of all of the components of a service to ensure that they are fully decommissioned and implementing a software updates policy.

Updating software has become even more urgent since Microsoft stopped supporting its Windows XP operating system and since the Heartbleed security flaw was uncovered. The ICO says that all organisations should have a basic understanding of these types of threats and that, while the report is aimed at data protection officers and senior managers, IT security professionals may also find it of use.

Anyone who processes personal information must comply with eight principles of the Data Protection Act. The seventh data protection principle imposes data security obligations on organisations and the ICO can issue fines of up to £500,000 for serious breaches of the Data Protection Act.

Recent fines include the £200,000 penalty issued to the British Pregnancy Advice Service after the details of service users were compromised due to the insecure collection and storage of the information on their website, and the £250,000 fine issued to Sony Computer Entertainment Europe after the company failed to keep its software up to date, leading to the details of millions of customers being compromised during a targeted attack on the Sony PlayStation Network Platform.
