Friday 24 July 2009

SMS to be trialled by Visa as a means of payment verification

Visa are trialling a system where you receive an SMS message whenever you make a purchase, as a tool to identify fraudulent payments. This is not a new idea, but it has previously only been used for transactions with unusual patterns.

There is a significant concern regarding fraudulent spoofing/phishing attacks with false messages. An example would be that one receives a message along the lines of "This is a security message from Visa, can you please call our team on 0845 123456 now"... I'm sure you can work out the rest. The challenge here is user education as opposed to systems performance.

We wrote about this risk just a couple of weeks ago.

FSA fine HSBC £3M over data breaches

Following an investigation HSBC have been fined £3M by the FSA for repeated incidents of sending large quantities of unencrypted personal data in the post!

There are two clear lessons here: systems need to be designed to prevent the ability to dump unencrypted data onto removable storage, and all staff need to have awareness training so they will know that posting disks full of data is akin to posting envelopes of cash.

Lucid Intelligence live with database of 120 million stolen records

We reported on the Lucid database before and now it is up and running. It enables you to search the millions of records they have obtained from sales of stolen data on the web. This allows you to get an idea as to whether your personal information has been compromised.

There are questions surrounding data protection of this database and potentially the ability to obtain details about somebody else by using their search.

They have also published a very useful DIY guide to finding out if your data has been published.

SMBs can't keep up with ITSec in tough times

Probably not a surprising article, but an important one nevertheless.

If you are an SME and have reduced your ITSec spend, it is time to think smarter. It may seem a little strange for us to advocate more spending, but a full (independent) review of legacy systems, procedures and cost centres often reveals significant savings.

We understand the pressures on SMEs (we are one!) but also understand the consequences of ignoring significant exposure. Security spend can only be justified against a threat and risk analysis (just like an insurance policy). If the exposure is too big to accept, suitable measures must be implemented (head in sand is not an option).

For impartial advice contact us.