On November 21, just days before Black Friday, a technical issue on Amazon’s website exposed customer names and email addresses. Amazon fixed the problem promptly and informed customers who may have been impacted, but refused to answer questions about how many people were affected or whether any of that information had been stolen.
Not a small matter
Although names and email addresses might not seem like a lot of information, cyber criminals can still use this data to target potential victims – in phishing attacks, for example. Phishing is a social engineering attack where criminals use scam emails to try to trick victims into divulging sensitive information, such as passwords, payment card numbers, and Social Security numbers. Successful phishing attacks deliver an enormous return on investment, which has motivated criminals to create increasingly sophisticated and creative phishing ‘lures’.
A simulated attack will establish whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cybersecurity posture.
To prepare your employees for a phishing attack, IT Governance also offers a Phishing Staff Awareness course.
In recent years, the number of significant data breaches has risen exponentially. From universities to tech giants, no organization is immune. The EU’s GDPR (General Data Protection Regulation) applies to any organization processing and storing EU residents’ personal data, irrespective of the organization’s location or where the data is processed. Canadian and U.S. organizations with any connection to the EU – whether through subsidiaries, customers, or suppliers – are likely affected. Organizations should, therefore, take steps to determine whether the GDPR is applicable and consider revising their information handling processes to ensure compliance.
In some cases, the GDPR compliance steps will supplement existing measures that many North American organizations adopt as a matter of good practice or to comply with sector or state privacy laws, e.g. HIPAA (Health Insurance Portability and Accountability Act).
Certified EU GDPR Foundation Training Course
Get a comprehensive introduction to the Regulation and a practical understanding of the implications and legal requirements for U.S. organizations with this one-day course.
Certified EU GDPR Practitioner Training Course
Learn from the experts how to meet the requirements of the Regulation. Get a practical understanding of the tools and methods for implementing and managing an effective compliance framework, and how to fulfill the data protection officer role.