Keep Your Security Current – Business Tips | Federal Trade Commission
Data security requires ongoing vigilance. Includes tips for keeping your business’ security current and for building processes to address new vulnerabilities quickly. Learn more about this subject on the FTC’s website: https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business

********************************************

Transcript:

Data security requires ongoing vigilance. Technologies, tactics, and threats change constantly. It’s critical to make sure your company keeps pace. The Start With Security video series and resources at business.ftc.gov offer tips for keeping your business’ security current and building processes to address new vulnerabilities quickly.

One guideline to remember – keep your third-party software updated and patched. When a retail company failed to update its antivirus software, an FTC case was only one of the consequences. A hacker exploited the resulting vulnerabilities to steal the personal information for over 400,000 customers and to charge millions of dollars to their credit and debit cards. To reduce the risk of a breach, set policies for updating and patching software and follow them.

It’s also important to have a sound process for receiving and reviewing security warnings. Act quickly to address the credible ones. The FTC brought a case against a major smartphone manufacturer for not having a process to collect and address reports about security vulnerabilities. The company’s delay in responding to warnings left millions of devices open to malicious applications that could text, make recordings, and access sensitive data without the smartphone owner’s consent.

In another FTC case, a mobile application business relied on its general customer service system to respond to warnings about security risks. When a security researcher emailed the company about a vulnerability, the system incorrectly flagged the report as a password reset request and marked it as resolved.
Make sure important warnings get to the people in your company who need to know about them. Consider setting up a well-publicized, dedicated channel, like an email address, for receiving reports and flagging them for your security staff.

For more useful tips about keeping your security current, addressing vulnerabilities as they arise, and building a culture of data security in your business, visit FTC.gov/startwithsecurity.