Another Brand Damaged by Supplier Data Breach!

Following last week’s revelations about Play.com’s customer data being compromised – as a result of a supplier falling victim to a cyberattack – the UK-based Co-operative has admitted that a third-party vendor posted information online about 83,000 of its customers.

These latest data breaches highlight the importance that an organisation must place on its own information security. If service providers are going to have access to data, it is essential that they are subject to at least the same level of security as the company procuring their services.

Cybercriminals widen their net

It’s early days, but it seems that cybercriminals are widening their net to include the suppliers and third-party vendors of larger brands, the type of suppliers that handle a lot of customer data and e-mail addresses. This shift in focus could be down to hackers in search of low-hanging fruit, or because cybercriminals know that genuine subscriber details are much more useful for creating third-generation phishing attacks designed to lure consumers to malware-infected sites.

Brands suffer at their suppliers’ expense

The Play.com data breach was the result of their e-mail service provider, ‘Silverpop’, being attacked and their security arrangements not being fit for purpose. Because it was Play.com’s customer data that was compromised, Play.com has received more negative press than Silverpop, and the brand’s reputation will suffer as a result. In the case of the UK-based Co-operative, the third-party vendor responsible for causing the data breach hasn’t even been named!

Avoid reputation and brand damage caused by third-party suppliers

Comply with the Data Protection Act

A security breach, such as that experienced by Play.com and the Co-operative, may, in some organisations, also reflect an underlying failure to comply with the DPA.

For cost-effective do-it-yourself DPA compliance, you should buy the Complete Data Protection Toolkit. If you are quick, and purchase today (31 March 2011), we’ll send you our essential best-practice report Data breaches: Trends, costs and best practices absolutely free!

Implement ISO 27001 – international best practice for information security

Accredited Certification to ISO 27001 gives an organisation internationally recognised and accepted proof that its system for managing information security – its ISMS or cybersecurity readiness – is of an acceptable, independently audited and verified standard.

No 3 ISO27001 Comprehensive ISMS Toolkit

Implementing ISO/IEC 27001 and creating an effective Information Security Management System for the first time can be challenging!

This toolkit has everything you will need. When you use our highly practical and informative books and tools to help you tackle the project, you receive unique guidance and support for your organisation – plus, with this package, you save money!

TODAY ONLY (31 March 2011), USE THIS LINK for a further 7 Free resources!

Additional resources for ISO 27001 certification:

  1. Manager’s Guide to Data Security and ISO 27001/ISO 27002
  2. ISO27001 Implementation Masterclass
  3. Penetration Testing
  4. ISO 27001 and Information Security Consultancy