| Channel | Publish Date | Thumbnail & View Count | Download Video |
|---|---|---|---|
 | Publish Date not found |  0 Views |
For more information on this topic, visit the FTC website: https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business
************************************************
Transcript:
Data security requires constant vigilance. Technologies, tactics and threats are constantly changing. It's important that your business keeps up. The Start With Security video series and resources at business.ftc.gov offer tips on how to keep your company's security up to date and develop processes to quickly fix new vulnerabilities. One guideline to remember: keep your third-party software up to date and install patches.
When a retail company failed to update its antivirus software, a case with the FTC was just one of the consequences. A hacker exploited the resulting vulnerabilities to steal the personal information of over 400,000 customers and charge millions of dollars to their credit and debit cards. To reduce the risk of a breach, establish and follow policies for updating and patching software. It's also important to have a solid process for receiving and reviewing security alerts.
Respond quickly to credible reports. The FTC has filed a case against a major smartphone manufacturer for failing to have a process for collecting and processing reports of security vulnerabilities. The company's delays in responding to alerts left millions of devices vulnerable to malicious applications that could send text messages, make recordings, and access sensitive data without the smartphone owner's consent.
In another FTC case, a mobile application company relied on its general customer service system to respond to security risk alerts. When a security researcher emailed the company about a vulnerability, the system incorrectly labeled the report as a password reset request and marked it as resolved.
Make sure important alerts reach the people in your organization who need to know about them. Consider setting up a highly visible, dedicated channel, such as an email address, to receive reports and flag them for your security staff.
For more useful tips on keeping your security up to date, remediating vulnerabilities as they arise, and building a culture of data security in your organization, visit FTC.gov/startwithsecurity.
************************************************
Comment moderation guidelines
We welcome your comments and thoughts on the information on this site. If you have something to say, please be polite and respectful to other commenters. We will not routinely review or edit comments before they are published, but we will delete any comments that:
1) contain spam or are not relevant to the topic
2) use vulgar language or offensive expressions that target specific groups or contain personal attacks
3) are sales pitches, promotions, URLs or links to commercial websites
4) spread obviously misleading or false information
or
5) contain personal information, such as home addresses
Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.
