Sunday, November 30, 2014

Is the sky falling Henny Penny?

Sony fell victim yet again to a large scale breach.

http://www.csoonline.com/article/2852982/data-breach/sales-contracts-and-other-data-published-by-sonys-attackers.html?utm_source=twitterfeed&utm_medium=twitter

And why do I post this in the Wapack Labs blog? Nearly all of the open source lists are buzzing with this right now, but I've not seen anything in the local sphere, so here's the deal folks...

Holidays are upon us. You need to know this.. no retailer will be safe from theft. Sony spent an enormous amount of money, recruiting top talent and diving deep into security after the first breach (Playstation) a couple of years ago.

When you swipe your card, or when you watch a customer in your store swipe a card, there's a strong probability that somewhere along the value chain between swipe to processor all the way back to the bank that issued it, and the network that it's carried on, are going to have vulnerabilities that will allow it to be stolen.

Here's what you do about it...

Pay attention. Watch your bill. The fraudsters usually hit you with small charges (<$20). Call your card company immediately.

One of my favorite sites is the Federal Trade Commission's educational site. I went to school with the guy that leads the cyber education effort... there are some great (and short) education pieces here for consumers and companies alike.

From the consumer perspective? Try this. 

Business? Try this.

I should mention... it's not always your fault... when security vendors fail to do the work, but they still pass on the 'trusted seal', both businesses and consumers end up with the short end of the stick. In one case, a noted security company attested to the fact that a site was secure, when in fact it wasn't..

Realizing education takes time, and most people don't like to read, if you've got a concern, and you're a business in the area, give us a call.  We're here to help and we can both answer your questions, and monitor your network for bad things that may be happening.  Doing your best to make sure you keep your customers information (payment information, private information, etc.) safe, is a massive responsibility --but it is just that -- a responsibility.

Enjoy the read. Give us a call if you need help!
Jeff