Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Security Affairs

Retail giant Home Depot has agreed to a $17.5 million settlement over the 2014 data breach. According to the US retailer the payment card information of approximately 40 million Home Depot consumers nationwide.

E-learning: the effective way to train your team

IT Governance

It is widely acknowledged that the retail and hospitality industries experience high staff turnover: frontline roles are often filled by temporary, young or part-time staff, the hours can be long and unsociable and the work can be physically demanding. Despite the operational challenge of staff turnover, there is still a need to ensure that teams are trained to perform not only their core duties but also to do so safely. They can also start and stop the training at will.

DPIAs for retail and hospitality 

IT Governance

It’s relevant for everyone, including retail and hospitality. Retail and hospitality organisations will likely need to conduct several to cover all their processes, both new and existing. Common activities for retail and hospitality requiring DPIAs. To give an idea of what activities may require a DPIA in real terms for the retail and hospitality sectors, here is a non-exhaustive list: CCTV.

The Anti-Tom’s Guide to Reckless Holiday Shopping

MediaPro

The post The Anti-Tom’s Guide to Reckless Holiday Shopping appeared first on MediaPRO.

Sports retail giant Decathlon leaks 123 million customer and employee records

IT Governance

Decathlon, the world’s largest sporting goods retailer, has suffered a massive data breach, affecting 123 million customer and employee records. Cyber security researchers at vpnMentor found a leaky database on a publicly accessible Elasticsearch server.

How data breaches are affecting the retail industry

IT Governance

Only time will tell – and we may not have to wait long – but in the meantime, what is the impact of data breaches in the retail industry, and what needs to be done to mitigate them? World-famous retailer Fortnum & Mason suffered a data breach, affecting 23,000 of its customers, through a Typeform service used to collect votes for one of the categories in its food and drink awards. Despite the prospect of fines and other penalties, many retailers are still not PCI-compliant.

Finance sector must simplify staff awareness training

IT Governance

Financial services firms must do more to educate employees about cyber security, according to the FCA (Financial Conduct Authority). In a report published last month, the FCA urged organisations to tackle staff awareness training at all levels, and to ensure the lessons are simple and appropriate to the environment that employees work in. Organisations need to make staff awareness training a board-level priority. Staff awareness training is a crucial part of this.

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

It’s a tough time to be a retailer. According to security firm Gemini Advisory, the Fin7 hacker group stole data on more than five million credit and debit cards that had been used at HBC credit card terminals beginning in May 2017. Three steps to an ideal POS security solution.

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security.

Heathrow Airport fined £120,000 for data breach

IT Governance

The ICO (Information Commissioner’s Office) has fined Heathrow Airport £120,000 for failing to secure sensitive personal data after a member of public found an unencrypted USB stick containing data about the airport’s staff. Subsequent investigations undertaken by the ICO have found that just 2% of Heathrow’s 6,500 staff were properly trained in data protection. Make sure that staff training is on your agenda and that you and your organisation are #BreachReady.

Sailing the cyber security waves

IT Governance

However, despite these on-board systems being vital to operations, cyber security isn’t quite as robust as it needs to be, leaving ships vulnerable to attack. The motives for an attack aren’t always sinister, but the maritime industry needs to acknowledge the cyber security risks ships face and take steps to counter the threats. This could include: Staff training; Limiting user privileges; Keeping systems up to date; Implementing encryption methodologies; and.

Radisson Rewards programme breached

IT Governance

In its announcement, the group said: All impacted member accounts have been secured and flagged to monitor for any potential unauthorized behavior. Staff awareness training is essential, along with compliance with regulatory frameworks such as the GDPR and the PCI DSS (Payment Card Industry Data Security Standard).

Key Developments in IoT Security

Thales Cloud Protection & Licensing

Key Developments in IoT Security. The rush to market for consumers to enjoy the modern conveniences offered by these devices shocked the security community. Security experts were concerned that these devices were built with no security in mind. Data security.

Safely adopting technology in the hospitality industry

IT Governance

Management teams and front-of-house staff alike need to be familiar with the tools and their functions, as well as the associated information security landscape. With so much personal data collected and used to inform business decisions, it’s vital that your team has the necessary understanding of cyber and information security. PCI DSS (Payment Card Industry Data Security Standard). Information security. The hospitality sector has embraced consumer-facing technology.

Direct Marketing Takeaways From the Draft ICO Code of Practice

InfoGoTo

Those subject to the draft ICO code of practice should note that refer-a-friend programs in which a retailer offers 10% off an order for customers to participate are likely violations of the PECR.

Customers lose confidence – data breaches aren’t just about fines

IT Governance

Not just because regulations and standards such as the GDPR (General Data Protection Regulation) and PCI DSS (Payment Card Industry Data Security Standard) demand it, not just because of the impact a breach has on daily operations, but because there is now statistical proof that customers will abandon brands that suffer a breach. Train your staff. Within the realm of cyber security, being a little bit paranoid is a healthy approach.

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

The Last Watchdog

Claire McCaskill by Russian intelligence agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training. Here are excerpts, edited for clarity and length: LW: What is the National Cyber Security Alliance? A large retailer may spend millions on cyber security. The targeting of Sen.

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Security Affairs

The group focuses on organizations in the insurance, retail, technology, and chemical industries in the U.S., Tune the e-mail security solution to automatically discard malicious or suspicious attachments.

REvil gang exploited a zero-day in the Kaseya supply chain attack

Security Affairs

The investigation is still ongoing; according to security firm Huntress Labs, at least 1000 organizations have been impacted, making this incident one of the largest ransomware attacks in history.

Artificial intelligence in cyber security

IT Governance

Cyber security has become a major priority for every organisation. This technology enables computers to be trained to process large amounts of data and identify trends and patterns. Such machine learning has been adopted in industries such as motoring, healthcare and retail. It will no doubt progress to many more, so what might this mean for cyber security? Ultimately, this would help improve network security defences. AI in the Cyber Security Industry.

FIFA caught hook, line and sinker in phishing attack

IT Governance

Although football holds a special place in many hearts across the globe, the cyber security elements of the situation should not be forgotten in the emotion of the sporting revelations. One of the most basic ones is training every employee to look for certain clues, such as mismatched URLs or misleading domain names. However, this statement doesn’t reflect the scale of the breach, or provide assurances of the organisation’s cyber security programme.

SHARED INTEL: How digital certificates could supply secure identities for enterprise blockchains

The Last Watchdog

Evidence continues to mount that blockchain technology holds the potential to democratize commerce on a global scale, while at the same time vastly improving privacy and security in the digital age. DigiCert recently thrust itself into the security part of the equation by signing on as a contributor to Hyperledger, the open source blockchain collaborative effort hosted by The Linux Foundation. Blockchain gave rise to Bitcoin.

Getting #BreachReady: prepare for the worst, hope for the best

IT Governance

and metaphorically – we believe the best approach is to apply your SPF (security protection factor) and get yourself and your team #BreachReady! With human error posing one of the biggest security risks, it’s all too easy to accidentally click a link in a well-constructed phishing email. It is vital to ensure that your teams are trained appropriately, with annual refreshers to maintain awareness. A report of staff training.

Securing Your Business with an AI-Driven Network

Adapture

As we continue to work through these challenging times, businesses need to rely on secure cloud services to support the health and safety of individuals using or visiting customers’ facilities. ADAPTURE helps your IT team deploy, train, and manage your solutions.

Data Stewards, Say Goodbye to Painful, Rules-based Matching.

Reltio

Today’s third-generational data management platforms with a machine learning component help you derive the matching rules automatically from the data and also offer you the capability for active learning/training of the machine. Reltio Cloud’s ML component allows you to verify and accept the match criteria, which in turn progressively trains the machine toward finer levels of match. Take control of your Enterprise Data Security, Governance and Compliance.

#ModernDataMasters: Lewis Ownes, CEO Agile Solutions

Reltio

In the early days I worked in data transformation for data into banks through digital printing – amazing that I trained to do all these elaborate hand-crafted books and ended up doing cheque books! But it did give me the advantage of seeing how the data was being fed into the machines for personalisation and the use of algorithms for security even back then. “At Kate Tickner, Reltio.

#ModernDataMasters: Steve Whiting, Chief Operations Officer

Reltio

I was trained in Oracle relational databases and GUI tools to deliver group-wide Banking Systems. Ethical data management means you need data governance and data security by design – these initiatives are hard to retrofit. Especially in the Big Data age, you have to know where your data comes from, what it is used for, what security measures are applied to it but also what its value is to the business. Kate Tickner, Reltio.

Bristol Airport systems offline in suspected ransomware attack

IT Governance

The airport admitted to taking a “cautious approach” to rectify the problem, but that was to ensure that none of its safety or security systems were put at risk. With malicious links and attachments accounting for 59% of ransomware infections, organisations of all sizes and types must ensure staff are trained to be vigilant and secure. Another day, another cyber attack. This time it’s Bristol Airport.

Business Continuity Plans Must Evolve for the Post-COVID World

InfoGoTo

Many employees have been forced to connect to business networks from computers that lack company-sanctioned software, up-to-date malware protection, encryption controls and secure email clients. Have a crash course security training program in place.

ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

The Last Watchdog

This bad news from UScellular follows similarly troubling disclosures from networking software supplier SolarWinds and from email security vendor Mimecast. The intruders got in by tricking UScellular retail store employees into downloading malicious software on store computers. Attacks like this are unfortunately frequent and even well-intentioned, well-trained users can fall victim to a clever attack. Andy Oehler, VP of Product Management, Zentry Security.

What You Need to Know About E-Skimming

Adam Levin

The retailer wasn’t alone. On the business side of things, it’s crucial that software patches are applied as soon as they’re released, and that employees are trained to recognize the signs of compromise.

Data breaches and cyber attacks quarterly review: Q2 2021

IT Governance

Welcome to our second quarterly review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of cyber attacks and data breaches. How security incidents are occurring. Keeping your organisation secure.

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

What would happen if you typed in “Amazon,” the corresponding domain popped up, and you clicked, but instead of finding the world’s largest online retailer, you landed on a 1980s WarGames-themed page with a laughing skull?

GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

The Last Watchdog

But there are a manageable number of precautions you can take to secure customer data that will tick the boxes for many different regulations. Passing a compliance audit boils down to proving to auditors that your organization has implemented three fundamental things: adequate data security, access control and comprehensive reporting of your information sharing activity. Train employees.

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

The Last Watchdog

I had the chance to discuss this with Akamai security researcher Steve Ragan, the author of the report. LW: Can you make a general statement about the state of web and mobile app server design and implementation as they exist in commercial use today — from a security standpoint? This is in addition to implementation costs and upkeep, as well as training. RAGAN: Security is hard. Good security is a balancing act and an evolution.

How Not to Acknowledge a Data Breach

Krebs on Security

And yet, here I am again writing the second story this week about a possibly serious security breach at an Indian company that provides IT support and outsourcing for a ridiculous number of major U.S. Nor did the statement even acknowledge a security incident. Security reporter Graham Cluley was kind enough to record that bit of the call and post it on Twitter. I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach.

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

My reporting trip included meetings with Michigan-based cybersecurity vendors pursuing leading-edge innovations, as well as a tour of a number of thriving public-private cybersecurity incubator and training programs. Snyder says his experience as head of Gateway Computers and as an investor in tech security startups, prior to entering politics, gave him an awareness of why putting Michigan ahead of the curve, dealing with cyber threats, would be vital. “I

FIRST SANCTION OF AN ONLINE SHOES COMPANY BY CNIL ACTING AS A LEAD AUTHORITY FOR SEVERAL INFRINGEMENTS TO GDPR REQUIREMENTS

DLA Piper Privacy Matters

The recording and storage (even for a day) of customers’ banking information when placing an order by phone was not necessary for the purpose of employee training. By Denise Lebeau-Marianna and Yaël Hirsch.

Top 10 Data Governance Trends for 2020: Data’s Real Value Comes Into Focus

erwin

In the year ahead, companies with the ability to harness, secure and leverage information effectively will be better equipped than others to promote digital transformation and gain a competitive advantage.

Redcar and Cleveland Borough Council still offline after suffering cyber attack

IT Governance

Meanwhile, the National Crime Agency said it was supporting the council, and a team of experts from the National Cyber Security Centre has been on-site since 9 February. Unlike an attack on retailers, for example, victims have no alternative when systems are down.