Last week the Amazon-owned Zappos shopping website admitted it had been hacked. Zappos asked customers to change their passwords and warned that some personal information might have been exposed in the attack.
Zappos is PCI compliant and all of its transactions are authenticated and encrypted using SSL. This raises the question of how the attack occurred, and shows why a joined-up approach of cyber defences and staff training is required to combat data breaches.
Alan Calder, CEO of IT Governance USA, says, “Companies should regularly educate employees about data breach risks. This is the only way to minimise the insider threat, which is probably the reason for over 50% of data breaches. Staff should be aware not to install any unauthorised software which may be disguised as malware. They shouldn’t be opening emails from unknown sources or be sharing their passwords with others.”
PCI DSS Staff Awareness eLearning Training
The PCI DSS Online Staff Awareness course from IT Governance will increase employees’ awareness of the PCI DSS requirements, and will provide clear and simple explanations of what companies and individual employees must do to meet the requirements of the PCI DSS (v2.0) standard.
“Positive, aware and well-trained members of staff are a key part of ensuring that you fully comply with the PCI DSS standard and protect the crucial intellectual assets of your organization, namely your confidential information, relationships and reputation,” says Alan Calder.