Small and medium-sized businesses are being warned to take note after a company which suffered a cyber attack was fined £60,000 by the Information Commissioner’s Office.
The ICO’s investigation found:
- The firm failed to carry out regular penetration testing on its website that should have detected errors
- The firm failed to ensure the password for the account on the WordPress section of its website was sufficiently complex
- The firm stored some information unencrypted, and the information that was encrypted could still be accessed because the firm failed to keep the decryption key secure
- Encrypted cardholder details and CVV numbers were held on the web server for longer than necessary
The ICO has a range of guidance available to help businesses ahead of the implementation of GDPR on 25 May 2018.
To read the rest of the article and see what advice the ICO has on the upcoming GDPR, visit: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/06/warning-to-smes-as-firm-hit-by-cyber-attack-fined-60-000/
For more advice on specific cyber crime prevention topics, visit the ‘Advice Sheet’ section of the Warwickshire Business Watch website.