Information Security Today Home

New Books

Asset Protection through Security Awareness by Tyler Justin Speed; ISBN 9781439809822
Managing an Information Security and Privacy Awareness and Training Program, Second Edition by Rebecca Herold; ISBN 9781439815458
Software Quality Assurance: Integrating Testing, Security, and Audit by Abu Sayed Mahfuz; ISBN 9781498735537
Enterprise Level Security: Securing Information Systems in an Uncertain World by William R. Simpson; ISBN 9781498764452
Information Security Policies, Procedures, and Standards: A Practitioner's Reference by Douglas J. Landoll; ISBN 9781482245899
Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval, Second Edition by David R. Matthews; ISBN 9781498739580

5 Dangerous Misconceptions When Sharing Your Personal Data

July 12, 2016 - Houston PR - Consumers have little understanding of the complexities surrounding the security of their personal data and are falling prey to a host of myths that could put them at risk according to leading data specialists Eckoh.

Relying on these misconceptions can lead people to fail to take adequate precautions and expose valuable personal data to hackers and criminals. Eckoh has drawn up a list of the five most common data security myths. Cameron Ross, Eckoh's Director of Payments Strategy, said, "We find that many people are concerned about keeping their data secure but arenít always sure of the best way to do it. There are lots of common myths when it comes to dealing with contact centres, some of which are a long way from the reality."

1. Call recording is purely for training purposes
This is primarily about protecting both the customer and the call agent. Call recording prevents the customer from making claims that the wrong order was taken as any discrepancies can be checked. Looking at it the other way, 'pause and resume' systems can be used to manipulate the customer into giving away additional details 'off the record' or to allow agents to be rude to the customer without leaving any evidence.

2. Speaking my payment details directly over the phone is the most secure method
Many people believe that when they give details over the phone it is completely secure. However, both ends of the line are at risk from others listening in. Additionally, there are all sorts of situations where details are written down on Post-it Notes or scraps of paper. This is often due to ignorance rather than any sinister motivation; for example, popping off to check stock levels or to ask a question on behalf of the customer. This is particularly an issue in those organizations with multiple departments operating in silos.

3. People who process my payments are security screened
This is just not the case. Call center workers can be some of the lowest paid workers and many temp workers are on short-term contracts. The high churn rate means that there is no point in investing huge amounts into security checks. This is not to say that breaches of this nature are common but there is definitely a misconception around this issue.

4. The only person my details are exposed to is the contact agent
In fact, it is likely that anybody in the ordering system will be able to access these details. Databases where your details are held are often accessible to a large number of people within the organisation. We have found that details are stored in widely accessible areas in more than 5% of the contact centres we have dealt with. In some cases, we have even seen customer card numbers being used as order numbers, meaning a license to print labels with your card data on them.

5. When I give my personal details to a company, I am trusting only them with my security
Most of the time, the organization you are dealing with is the one that looks after your data. You make decisions about whether to trust them based on various factors such as your own experience or their reputation. There are exceptions. Aggregator services such as hotel or travel booking sites will take payment and personal info and pass it on to third parties via batch files. This sensitive data (belonging to multiple customers all in one neat bundle) is open to attack from criminals while in transit. Again, with the appropriate security measures this does not have to be an issue but customers need to consider who is actually looking after their sensitive data.


 
Subscribe to
Information Security Today







Bookmark and Share


© Copyright 2016 Auerbach Publications