Microsoft adds ransomware protection to Office 365, a Toronto ride sharing app suspends its service over data security problem and why your company’s service providers can lead to a data breach.
We’re bringing you the latest cyber security news. Welcome to Cyber Security Today. It’s Monday April 9th. I’m Howard Solomon.
Microsoft sells subscriptions to Office 365 so you don’t have to buy and install software. But that doesn’t mean there aren’t security risks. To meet them the company announced new security tools. One is Files Restore, which lets you recover from things like accidental mass delete or file corruption. Another is ransomware detection and recovery. If an attack is detected, you’ll be alerted through an email, mobile, or desktop notification and guided through a recovery process. A nifty new addition is the ability to set and require a password to access a shared file or folder. And there’s the ability to check for malicious links included in Word, PowerPoint and Excel documents you receive. These are handy additions.
The owner of a Toronto ride-sharing app created to increase safety and security for women drivers and riders has suspended its services after being told that its user data was vulnerable to a breach. The Toronto Star reports that DriveHer was told by a security researcher that its software left women who signed up for it vulnerable to having personal information — such as names, home addresses, driver’s licences and insurance slips — exposed. The owner of the service said a third-party security firm is doing a penetration test on the app to review its security while the app is being fixed. The incident is a reminder to app creators that including data security is vital when building a solution.
Finally, the data security of third party suppliers to an organization is just as important as the products it builds or buys. That lesson was made again with the revelation that Delta Airlines, Best Buy and Sears in the U.S. were victims of a payment card data breach. It came through a customer communications service they use called [24]7.ai. That company admitted that last October it discovered a security incident. Apparently, a hacker compromised its system to get into the data of other businesses. Some customer payment information may have been captured through this supplier. It’s a reminder that every company that connects to an organization’s network – be it cloud services, accounting, an Internet provider, or, in this case a customer support service – is a potential attack point.
That’s it for this edition of Cyber Security Today Subscribe on Apple Podcasts, Google Play, add it to your Alexa Flash Briefing or wherever else you listen to podcasts. Thanks for listening.