The Information Commissioner’s Office (ICO) has called on businesses and organisations to familiarise themselves with the best ways of protecting personal data and not fall prey to the most common causes of data breaches.
The watchdog has published a new report highlighting the most common security vulnerabilities behind data breaches and says many of the most serious occurrences could have been prevented had best practices been adopted.
Eight of the most common vulnerabilities discovered during the ICO’s investigations include a failure to keep software security up to date, a lack of protection from SQL injection, the use of unnecessary services and the poor decommissioning of old software and services.
The ICO says that many of the issues identified in the report should be common knowledge to IT professionals, but the fact that the same mistakes are being made suggests that not everyone responsible for ensuring personal data is secure is as familiar with them as they should be.
“In just the past couple of months we have already seen widespread concern over the expiry of support for Microsoft XP and the uncovering of the security flaw known as Heartbleed,” says Simon Rice, ICO group manager for technology. “While these security issues may seem complex, it is important that organisations of all sizes have a basic understanding of these types of threats and know what action they need to take to make sure their computer systems are keeping customers’ information secure.
“Our experience investigating data breaches on a daily basis shows that whilst some organisations are taking IT security seriously, too many are failing at the basics.”
Earlier this year, the ICO fined the British Pregnancy Advice Service (BPAS), a charity which helps women considering abortion, £200,000 after a data breach revealed the names of 10,000 users to a hacker in 2012. An investigation concluded that the charity failed to realise its own website was storing the names, addresses, dates of birth and telephone numbers of people who asked for a call back for advice on pregnancy issues.