You’ve just moved into your new home, it’s an exciting time but there’s lots to do! TV Licence, home insurance, gas, electric, phone line and last but definitely not least- your Internet service provider. You call the company up to confirm your new address and just to be sure they ask you to confirm some of the usual data protection questions, you wouldn’t expect anything less! You confirm your date of birth, previous address and account number and for good measure you provide your Mothers maiden name. Why wouldn’t you, they’re a large reputable organisation. You know your data is in safe hands.
Like clockwork, once a month your payment comes out, you’re happy with the service and all is well. That is until you wake up one morning and see the news that said Internet service provider have had a MASSIVE breach! Approximately 4 million customer details leaked. Names, addresses, bank account details, all potentially in the wrong hands. Panic, fear and disbelief set in, are your details out there in cyber space for all to see? What should you do? How can you protect your identity? Is your bank account safe?
Personally as a TalkTalk customer I’m not sure what to expect next- will I be inundated with spam phishing emails? Is my identity as risk? Should I change bank accounts? I feel let down. I’m security savvy in my online activities, I have the best antivirus, I only use secure connections and my passwords are top secret, yet despite all this I’ve indirectly become a victim of cyber-crime.
The important thing for TalkTalk customers to be aware of right now is not only the immediate panic that someone could potentially have all my details but how they could use them to social engineer an attack against you directly. That seemingly innocent phone call from a ‘TalkTalk’ representative could potentially be a scammer trying to coax even more information from you.
Information security is something of a hot topic at the moment, not a day goes by where we don’t hear about a breach of some sort. An attack such as this only acts to highlight the importance of how physical security practices and information security awareness work hand in hand. One without the other is pointless.
No wonder TalkTalk’s’ share price has dropped by 10%. Getting internal CyberSecurity defences in place is really difficult. But until organisations give Information Security the attention and resources it deserves, I think we will continue to see CEO’s of large corporations floundering on daytime TV. Trying to speak on a subject they don’t feel comfortable with.