Hyatt's publication of a list of all its hotels hit by the malware found on its customer payment system last year is certainly a step in the right direction in terms of data breach transparency by large organisations.
In addition, the fact that the hotel chain has teamed up with a security firm to give its customers who have stayed at one of its compromised hotels free security protection for one year, demonstrates that companies holding customer data do recognise that they have a huge responsibility to keep it safe, and make sure it doesn’t fall into the wrong hands.
Unfortunately, for anyone affected by the breach, this response has come too late and highlights that businesses and consumers need to consider security procedures before a data breach forces them to – prevention is always better than cure.
In an incident such as this, the lead time between the breach taking place and the business discovering whether cybercriminals have customer data at their disposal, coupled with the lead time between the business finding out and notifying its customers, can add up to a long period in which a great deal of damage is done.
There are a number of risks that all organisations that transact online need to consider. For example, cybercriminals can use phishing messages to redirect customers to fake websites, install malware on customers' computers to steal their account details and passwords, or use malware to intercept financial transactions and create fraudulent ones.
Any business that handles financial transactions has a responsibility to secure the personal data of its customers, in addition to securing its own data. This must start with securing web-based transactions. It must also include hashing and salting of passwords and encryption of other personal data, so that if a breach does occur, customers can take some comfort in knowing that the data is encrypted. To further reduce the risks, it is important that businesses implement anti-fraud monitoring technologies that analyse a customer's behaviour during online transactions and detect other suspicious activity within their IT infrastructure. This mitigates the risk posed by a possible lack of security at the customer's endpoint, over which the business has no direct control.
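The "hashing and salting of passwords" recommended above is worth seeing in concrete form, because the point of it is what a stolen credential store looks like to the thief after a breach like this one. The following is an added example, not code from Hyatt, Kaspersky Lab or the original article; it assumes PBKDF2-HMAC-SHA256 from Python's standard library as the slow hash (the iteration count is a constructed default to tune to your own hardware), a per-user random salt, a constant-time comparison on verification, and a small constructed in-memory user table standing in for a real database.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumed parameters (not from the article): PBKDF2-HMAC-SHA256 with a per-user
# 16-byte random salt. Tune ITERATIONS upward as hardware gets faster.
HASH_NAME = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_LEN = 32
SCHEME = f"pbkdf2_{HASH_NAME}"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex.

    Storing the parameters alongside the hash lets the verifier recompute it
    and lets you raise the iteration count later without a flag day.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user, never reused
    derived = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                  salt, iterations, dklen=KEY_LEN)
    return f"{SCHEME}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt/iterations and compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: treat as a failed login, never as a match
    if scheme != SCHEME or iterations <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                    salt, iterations, dklen=KEY_LEN)
    # compare_digest avoids leaking where the first mismatching byte is
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, min_iterations: int = ITERATIONS) -> bool:
    """True if a stored record was made with weaker parameters than current policy."""
    try:
        scheme, iters, _salt, _hash = record.split("$")
        return scheme != SCHEME or int(iters) < min_iterations
    except ValueError:
        return True


def login(users: Dict[str, str], username: str, password: str,
          iterations: int = ITERATIONS) -> bool:
    """Verify a login and transparently upgrade an old record on success."""
    record = users.get(username)
    if record is None:
        # Hash anyway so an unknown username costs the same time as a wrong password.
        hash_password(password, iterations=iterations)
        return False
    if not verify_password(password, record):
        return False
    if needs_rehash(record, min_iterations=iterations):
        users[username] = hash_password(password, iterations=iterations)
    return True


if __name__ == "__main__":
    # Constructed sample user table; a real system would keep this in a database.
    users = {"guest@example.com": hash_password("correct horse battery staple")}
    print(users["guest@example.com"])  # what a thief would see: salt + hash, no password
    print(login(users, "guest@example.com", "correct horse battery staple"))  # True
    print(login(users, "guest@example.com", "wrong password"))                # False
```

Two things the snippet shows that the paragraph only asserts: two users with the same password get different records because the salt differs, so a stolen table cannot be attacked with one precomputed lookup; and the iteration count lives in the record, so the cost of guessing can be raised over time by rehashing at the next successful login rather than by forcing every customer to reset.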
In light of the upcoming EU data legislation which will force companies to disclose data breaches, organisations need to begin to consider how they may deal with such an attack.
About Kaspersky Lab
Kaspersky Lab is one of the world's fastest-growing cybersecurity companies and the largest that is privately owned. The company is ranked among the world's top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.