Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:56 AM
Mathew J. Schwartz, InformationWeek
Mathew J. Schwartz, InformationWeek
Connect Directly

9 Ways To Minimize Data Breach Fallout

Symantec just revealed that attackers stole source code to its flagship Norton software in 2006, highlighting today's array of sharply different approaches to owning up to data breaches. Consider these essential policies.

What's the best way to mitigate the fallout from a data breach?

Data breaches are a fact of business life. But beyond keeping a data breach response plan at the ready, how can IT departments best prevent and mitigate data breaches? Start here:

1. Put a good information security program in place. According to a recent study from the Identity Theft Resource Center, the greatest number of 2011 data breaches were triggered by hackers, and in the first month of 2012, new breaches appear to be following suit.

2. Enforce strong passwords. Earlier this month, shadowy hacktivist group TeaMp0isoN uploaded to Pastebin a list of about 80 T-Mobile employees' usernames, passwords, email addresses, phone numbers and passwords. Interestingly, many of the T-Mobile passwords, if they were actual passwords, were simply "112112" or "pass." In its Pastebin post, TeaMp0isoN--which reportedly worked with Anonymous on the recent credit-card wealth-redistribution scheme known as Operation Robin Hood--called out the apparent password non-variety. "Look at the passwords, epic fail. All the passwords are manually given to staff via an admin who uses the same set of passwords."

3. Hide breaches at your peril. Symantec this month confirmed that Norton source code leaked earlier this month by hackers was genuine. But Symantec downplayed the incident, saying the code, from two of its older products--Endpoint Protection 11.0 and Antivirus 10.2--had been stolen from a third party. In other words: it was old code, there's nothing to see, everyone move along.

Except that just two weeks later, Symantec came clean, and admitted that the code to its flagship Norton product had been stolen back in 2006, reported Reuters. That raises the possibility that anyone in possession of the source code back then may have found ways to use Symantec's security software to compromise users' machines.

To read the entire original article, visit InformationWeek.

Register for Wall Street & Technology Newsletters