Register for PaymentsJournal
Back to News
Retailers Can Learn From South Carolina's Data Breach
December 10, 2012
StoreFront BackTalk had a post last week from frequent contributor Walt Conway of 403Labs. The post covers three lessons State administration in South Carolina learned through the process of dealing with the data breach discovered in October, and how those lessons might be applied to the retail business. Two important details regarding the breach: the bad guys gained access to State tax systems through malware attached to a phishing message, and the head of the State’s Department of Revenue will resign as a result.
From StoreFront BackTalk:
Lesson #1: Don’t Skimp on Training. Training can’t prevent every social-engineering or spam attack from being successful, but effective training (and enforcement) can go a long way in reducing the effectiveness of such attacks. Such malware-laden E-mails tend to increase after natural disasters and during the holidays. We can expect to receive a few “click on this great Santa video” E-mails, so it may be a good time to reinforce the training with all your employees.
Lesson #2: Strong User Authentication is Your Friend. Two-factor authentication is not the same as multiple passwords. It means using two completely separate methods of identification, from among the following: Something you know (user ID and strong password); something you have (e.g., token or other physical device); or something you are (fingerprint or handprint).
Lesson #3: Protect Your Sensitive Data. A lot of South Carolina’s problems might have been eliminated had the data been protected with strong encryption accompanied by solid key management procedures.
to read more from StoreFront BackTalk. Click
to read more from USA Today about the breach.
Contact a Mercator Advisory Group Analyst
Search News Items
Advertise With Us
Recommend RSS Feed
Join Buyers Guide
Host a Strategy Session
List a Calendar Event
Give Us Feedback
Contact Mercator Advisory Group
© & ™ 2002 - 2012 | Mercator Advisory Group. All Rights Reserved
Terms and Conditions
Make Us Your Homepage