As many speculate on the attack method used for the Epsilon data breach, it's important to focus on what we do know. In the increasingly complex threat landscape, data breach incidents serve as a reminder that companies need to be diligent about protecting their data.
"The details of this data breach are few. In the early phases, it's really hard to know who the perpetrators are and hackers are really good at covering their tracks," said Kevin Rowney, director of breach response, Symantec. "Currently e-mail addresses and names appear to be among the stolen data. Given this, consumers should be on the lookout for any new pattern of action from a possibly suspicious source."
"For organisations responsible for protecting customer data, threats are coming from every direction. By taking precautions against the discovery, capture and exfiltration of data, organisations can significantly bolster their defenses against attacks," concluded Rowney.
Symantec strongly encourages organisations to follow information protection best practices to avoid data loss, including:
+ Assess risks by identifying and classifying confidential information;
+ Educate employees on information protection policies and procedures, then hold them accountable;
+ Deploy data loss prevention technologies such as Symantec Data Loss Prevention which enable policy compliance and enforcement;
+ Proactively encrypt laptops to minimise consequences of a lost device;
+ Integrate information protection practices into business processes.
Symantec also encourages consumers to follow these best practices to avoid any phishing attacks triggered by this incident:
+ Know the online policies of any provider you have an online account for;
+ Banks, credit providers and other services will never ask you to confirm your personal details via an email. Make sure the URL of the site linked in the message corresponds to the name of the company that the message purports to be from. For example, the website "MyGoodBank.com" is not the same as "My.Gud.Banke.ru.us/net."
+ Check the message or email for spelling and grammar mistakes or other indications that it was not written by a professional. Such traits are hallmarks of phishing emails.
+ Never click on a link within an email, IM or social networking site. Instead, re-type the address into your browser.
+ Do not dial phone numbers included in the notification letters but rather visit the main website and get the customer service number there. Spam will often spoof these email notifications.
+ Make sure your security software includes anti-phishing and identity protection features, and is always up-to-date.