Latest news with #datasecurity

11 Critical Steps To Contain Cyber Damage And Protect Your Business

Forbes

a day ago

  • Business
  • Forbes

Cyber extortion can hit a company hard by disrupting operations, exposing sensitive data and shaking shareholder trust. Even a single attack can have costly, far-reaching consequences for business reputation and revenue. When the unexpected happens, a swift and strategic response is essential—every second counts, and every step must be deliberate to limit the fallout and begin recovery.

To help your organization prepare for this high-stakes scenario, 11 members of Forbes Finance Council explain how to respond to a cyber extortion attack effectively and professionally.

1. Isolate Threats And Preserve Evidence

The most critical step is to isolate and contain the incident. You can immediately disconnect affected systems from the network, disable compromised user accounts, servers or devices. You need to preserve evidence. Containment limits damage and preserves forensic evidence needed for investigation and recovery. Activate the incident response plan for a coordinated response to prevent chaos and accelerate mitigation. - David Kelley, Diesel Laptops

2. Quarantine Assets And Communicate Clearly

First, you should pause. Then, you need to immediately quarantine compromised assets, trigger your Disaster Recovery Plan (DRP) or Incident Response Plan (IRP) and secure critical evidence. Clear, proactive communication is vital; thoughtful, planned action always beats chaotic reaction. - Jay Korpi, Piqued Solutions, LLC

3. Activate Crisis Teams And Practice Preparedness

The first move is to activate your crisis team, fast, because cyber extortion hits more than servers; it threatens trust, brand and the bottom line. It's like a fire in a data vault: You pull the full alarm, not just call IT. Like any fire drill, your response only works if you've practiced, so have a tailored plan and rehearse it often. - Adeel Manzoor, HERE Technologies

4. Implement Response Plans And Engage Key Leaders

Cyber extortion requires activating incident response and crisis management plans. You need to notify the CEO and the board, then assemble leads from across the business—communications, risk, tech, cyber and operations. You also have to engage external cyber partners and legal counsel for privileged advice. One last thing to do is use extortion response playbooks (decision guides), assess system, data and regulatory impacts and activate business continuity plans. - Shivali Kukreja, NIB NZ

5. Stop The Spread And Notify Authorities

If a company falls victim to cyber extortion, the first step should be to isolate affected systems to stop the spread. In addition, you need to contact law enforcement immediately, such as the FBI's IC3. You can have your cybersecurity team identify and eliminate any other potential vulnerabilities. It will take a team effort to overcome a severe challenge like cyber extortion. - Jared Weitz, United Capital Source Inc.

Forbes Finance Council is an invitation-only organization for executives in successful accounting, financial planning and wealth management firms.

6. Act Quickly Without Panic

The first step is not to panic and act fast, but smart. You should immediately isolate affected systems to contain the threat. Then, you can alert your internal security team and engage a trusted cybersecurity firm. You shouldn't contact the attackers directly. You must preserve evidence, notify law enforcement and review your backups. You have to be wary of follow-up scammers who contact you after to help you 'regain access.' - Nick Chandi, Forwardly

7. Control Communications And Protect Reputation

A crucial first step is to maintain internal and external communications with a cyber crisis strategy. To avoid panic, disinformation and evidence leaks, you should control information before negotiation. Communication plans ensure that only selected spokespeople contact stakeholders—employees, consumers, media and possibly attackers. Clear and regulated communication safeguards reputation and aligns reaction teams around the facts. - Neil Anders, Trusted Rate, Inc.

8. Contain The Breach And Coordinate A Calm Response

The first step is to immediately isolate any affected systems to stop the spread of the breach. Then, you can loop in your cybersecurity team and legal counsel to begin a coordinated, well-documented response. You shouldn't rush to communicate—take time to assess the situation, preserve evidence and follow a calm, strategic plan. In moments like this, speed matters—but so does clarity. - Michael Foguth, Foguth Financial Group

9. Assemble Experts And Plan Strategically

If targeted by cyber extortion, the first step is to assemble a multidisciplinary 'war room' that includes IT, legal, communications, behavioral and negotiation experts. This rapid, coordinated response blends technical skill with strategic insight, helping protect your reputation, navigate legal risks and stay ahead of evolving threats. - Elie Nour, NOUR PRIVATE WEALTH

10. Disconnect Systems And Prevent Escalation

Before calling the cops or tech team, you need to hit pause—literally. The first move should be to disconnect everything under attack. You should pull the plug on infected systems to stop the spread, like slamming a door on a house fire. Most panic and go straight to reacting, but containment, not chaos, is the real first move. - Karla Dennis, KDA Inc.

11. Respond Swiftly And Lead Decisively

Drawing from my experience leading a company, my advice is clear: If your business faces cyber extortion, immediately isolate affected systems and activate your incident response plan. You should bring in cybersecurity experts to assess and contain the damage. Acting swiftly and methodically not only protects your assets but also reinforces your reputation as a decisive, trustworthy leader. - Tomas Milar, Eqvista Inc.

The information provided here is not investment, tax, or financial advice. You should consult with a licensed professional for advice concerning your specific situation.

Hybrid, Multicloud Strategies Gain Traction in U.K.

Yahoo

2 days ago

  • Business
  • Yahoo

Growing AI adoption, regulatory pressures accelerate enterprises' shift to hybrid cloud environments, ISG Provider Lens® report says

LONDON, July 17, 2025--(BUSINESS WIRE)--Enterprises across the U.K. are rapidly modernizing their cloud infrastructures, motivated by a surge in AI and ML workloads that demand scalable and secure cloud solutions, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a global AI-centered technology research and advisory firm.

The 2025 ISG Provider Lens® Private/Hybrid Cloud — Data Center Services report for the U.K. finds an upward trend in the adoption of hybrid and multicloud infrastructure models, with significant growth anticipated within the next three years. Performance, data sovereignty, security and regulatory pressures are the primary drivers of this growth. Hybrid cloud is now the preferred model for many U.K. enterprises, because it lets organizations align workloads with appropriate environments and improve data protection.

"U.K. enterprises are actively transitioning toward hybrid and multicloud platforms to support AI and ML workloads and safeguard sensitive data," said Anthony Drake, partner at ISG. "These flexible platforms are crucial for protecting organizations against ransomware and malware threats and for achieving cost efficiency."

Enterprises in the U.K. are using hybrid clouds to enhance security with private cloud resources while simultaneously gaining cost savings and flexible scalability from public clouds, ISG says. Increasingly, they are deploying real-time monitoring and ML within private clouds to strengthen data protection, particularly in highly regulated sectors such as healthcare and finance.

As organizations embrace cloud environments, they are engaged in large-scale migration of business applications. Most organizations in the U.K. have migrated applications between environments to improve efficiency, capacity, security and innovation, the report says. Companies are optimizing on-premises and private cloud environments by integrating graphics processing units (GPUs) and expanding storage capacities. This approach eases handling of AI and analytical tasks while improving efficiency and resource utilization.

Small and midsize enterprises (SMEs) in the U.K. are focused on developing customized cloud solutions to meet industry-specific demands. The uptake of modular data center designs is also on the rise, owing to their low total cost of ownership and accelerated deployment capabilities, ISG says.

The U.K. government's designation of data centers as critical infrastructure, coupled with streamlined planning laws, facilitates new data center projects and reinforces a national focus on data protection. The capacity of U.K. data centers is expected to increase twofold by 2028, mainly driven by growing demand for generative AI (GenAI), cloud computing and government-supported infrastructure.

"The U.K.'s cloud market is undergoing rapid transformation, with organizations seeking agility through tailored solutions and modular data center designs," said Meenakshi Srivastava, lead analyst, ISG Provider Lens Research, and lead author of the report. "By 2025, 75 percent of enterprise data will be processed outside traditional data centers or cloud environments, indicating a shift in data management practices."

The report also explores other trends related to private/hybrid cloud and data center services in the U.K., including an increased emphasis on sustainability and the integration of agentic AI into hybrid and private cloud environments.

For more insights into the private/hybrid cloud and data center services challenges that enterprises in the U.K. face, plus ISG's advice for overcoming them, see the ISG Provider Lens® Focal Points briefing here.

The 2025 ISG Provider Lens® Private/Hybrid Cloud — Data Center Services report for the U.K. evaluates the capabilities of 69 providers across five quadrants: Managed Services — Large Accounts, Managed Services — Midmarket, Managed Hosting, Colocation Services and AI-Ready Infrastructure Consulting.

The report names Fujitsu and Kyndryl as Leaders in three quadrants each. It names Accenture, Capgemini, Claranet, DXC Technology, Ensono, Hexaware, Infosys, Pulsant, Rackspace Technology, T-Systems and TCS as Leaders in two quadrants each. Atos, Computacenter, Deloitte, Digital Realty, Equinix, Global Switch, HCLTech, IBM, LTIMindtree, NTT DATA, Redcentric, Telefonica Tech, Telehouse, Unisys and Wipro are named as Leaders in one quadrant each.

In addition, LTIMindtree, Mphasis and NTT DATA are named as Rising Stars — companies with a "promising portfolio" and "high future potential" by ISG's definition — in one quadrant each.

In the area of customer experience, Persistent Systems is named the global ISG CX Star Performer for 2025 among private/hybrid cloud and data center service providers. Persistent Systems earned the highest customer satisfaction scores in ISG's Voice of the Customer survey, part of the ISG Star of Excellence™ program, the premier quality recognition for the technology and business services industry.

Customized versions of the report are available from Hexaware and Unisys.

The 2025 ISG Provider Lens® Private/Hybrid Cloud — Data Center Services report for the U.K. is available to subscribers or for one-time purchase on this webpage.

About ISG Provider Lens® Research

The ISG Provider Lens® Quadrant research series is the only service provider evaluation of its kind to combine empirical, data-driven research and market analysis with the real-world experience and observations of ISG's global advisory team. Enterprises will find a wealth of detailed data and market analysis to help guide their selection of appropriate sourcing partners, while ISG advisors use the reports to validate their own market knowledge and make recommendations to ISG's enterprise clients. The research currently covers providers offering their services globally, across Europe, as well as in the U.S., Canada, Mexico, Brazil, the U.K., France, Benelux, Germany, Switzerland, the Nordics, Australia and Singapore/Malaysia, with additional markets to be added in the future. For more information about ISG Provider Lens research, please visit this webpage.

About ISG

ISG (Nasdaq: III) is a global AI-centered technology research and advisory firm. A trusted partner to more than 900 clients, including 75 of the world's top 100 enterprises, ISG is a long-time leader in technology and business services that is now at the forefront of leveraging AI to help organizations achieve operational excellence and faster growth. The firm, founded in 2006, is known for its proprietary market data, in-depth knowledge of provider ecosystems, and the expertise of its 1,600 professionals worldwide working together to help clients maximize the value of their technology investments.

Contacts: Sarah Ye, ISG; Laura Hupprich, ISG

Can a merchant store my credit card details without permission?

Yahoo

2 days ago

  • Business
  • Yahoo

Key takeaways

  • Storing your credit card information makes it easier for merchants to facilitate future and recurring transactions.
  • For data security or consumer privacy purposes, however, you may not want merchants to retain your credit card details.
  • State laws, card industry security standards, FTC guidance and other regulations all influence how and when merchants are allowed to store your card details.

If you shop frequently at particular merchants with your top credit cards, you might find that allowing them to store your card information can streamline your transactions at checkout. And if you have recurring charges — like those for streaming or subscriptions — allowing for the storing of your card details helps merchants to automatically bill you each month without asking for your card information each time.

That's well and good — especially when you've consented to storing your data. But can a retailer store your credit card details without permission?

Can companies keep your credit card details on file without permission?

The short answer is no. While there is no rule that governs how or when issuers can store your card information, many states have laws on the books to deal with credit card fraud, which fall under the umbrella of financial transaction card fraud. Laws like one passed in Georgia explicitly bar merchants from using your card without your permission or authorization. This means companies can only keep your credit card details on file and use them for transactions with your consent.

Security standards for merchants

The type of credit card information that merchants are allowed to store after consent is given is dictated by the Payment Card Industry Security Standards Council (PCI SSC), an organization founded by the credit card issuers and networks American Express, Discover, JCB International, Mastercard and Visa.

The PCI SSC sets security standards for merchants that transmit, process or store payment card account information and provides best practices that merchants are required to comply with. Its purpose, as noted on page 8 of its Quick Reference Guide, is to 'encourage and enhance payment account data security and facilitate the broad adoption of consistent data security measures globally.'

Some of its best practices for storing and transmitting card data include:

  • PIN transaction security
  • Software security
  • Point-to-point encryption
  • Mobile security standards

Compliance with the PCI Data Security Standard (PCI DSS) requires merchants to limit storing and retaining customer names, card account numbers and expiration dates only for the time required for business or legal purposes. And it explicitly frowns on merchants storing, for example, a card verification value (CVV) or personal identification number (PIN).

By following these standards after you've given consent to store or use your credit card information, merchants protect your privacy and can help combat identity theft and fraud.

You can opt out of automatic online card storing

As you shop online, you've likely received a prompt from the site asking if you would like to save your card information to make it easier to shop in the future. It's one way for merchants to lure you back for future purchases.

However, you shouldn't need to allow the retailer to store your card information to continue your purchase. Rather, most retailers allow you to check out as a guest, completing the transaction without allowing the site to retain your card details. If that isn't an option, a workaround is to provide your card information to complete the transaction and then edit your payment options after it's complete to remove that information.

Federal Trade Commission weighs in

The Federal Trade Commission (FTC) agrees that merchants shouldn't collect information they don't need, further advising that, if a merchant does collect card information, it's in their interest to hold on to it only as long as there is a real business need to do so. This means that, while a retailer needs your card information to process a transaction, it shouldn't store it if the merchant doesn't anticipate future transactions.

And once a business decides that it must store your card details, the FTC requires it to safeguard this sensitive information adequately, including from employees that don't have any business with your information.

The bottom line

Merchants will typically ask you for permission before storing your card information to avoid running afoul of laws, and it's common for online sites to ask to store your information to facilitate future transactions or to enable recurring charges. But if there's no legitimate business need, stringent industry data storage laws advise there's no incentive for a merchant to store your card information.

CurrentSCM Achieves SOC 2 Type I Compliance, Reinforcing Commitment to Data Security and Trust

Globe and Mail

3 days ago

  • Business
  • Globe and Mail

CurrentSCM, a leading provider of supply chain management solutions, announced it has successfully completed its System and Organization Controls (SOC) 2 Type 1 audit. This independent attestation, performed by the nationally recognized CPA and cybersecurity firm, A-LIGN, affirms CurrentSCM's commitment to maintaining the highest standards of security, availability, processing integrity, confidentiality, and privacy for its clients' data.

The SOC 2 Type I audit is a comprehensive evaluation of a service organization's controls relevant to the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). Achieving this compliance demonstrates CurrentSCM's dedication to implementing and maintaining robust internal controls designed to protect customer information and ensure the reliable operation of its services.

"We are incredibly proud to announce the successful completion of our SOC 2 Type I audit," said Rizwan Hassan, Director of SaaS at CurrentSCM. "This achievement is a testament to our team's unwavering commitment to operational excellence and data protection. Thanks to the team for their work in proving our security and processes in this independent audit."

The rigorous audit process involved an in-depth review of CurrentSCM's policies, procedures, and infrastructure related to security, including access controls, change management, incident response, and data encryption. By demonstrating adherence to these strict criteria, CurrentSCM provides its clients with enhanced assurance regarding the security and integrity of their supply chain data.

This milestone further solidifies CurrentSCM's position as a trustworthy partner for businesses seeking secure and efficient supply chain solutions. The company remains committed to continuously improving its security posture and upholding the highest standards of data protection.

For more information about A-LIGN's SOC 2 audit services, please visit their website.

About CurrentSCM:

CurrentSCM, developed by Current Suite Ltd., a subsidiary of Vista Projects Limited, is an innovative software solution designed to streamline and optimize complex procurement and materials management for project-driven organizations. As the first of its kind, CurrentSCM provides a unified, collaborative platform that integrates end-to-end processes, including Materials Management and Vendor Document Requirements, into the order flow. The platform is dedicated to maximizing collaboration, enhancing efficiency, minimizing risk, and controlling costs for its global clientele.

Media Contact

Company Name: CurrentSCM
Contact Person: Adam Singfield, Marketing Communications Manager
Phone: 1-833-237-4127
City: Calgary
State: Alberta
Country: Canada

CurrentSCM Achieves SOC 2 Type I Compliance, Reinforcing Commitment to Data Security and Trust

Yahoo

3 days ago

  • Business
  • Yahoo

Calgary, July 15, 2025 (GLOBE NEWSWIRE) -- CurrentSCM, a leading provider of supply chain management solutions, announced it has successfully completed its System and Organization Controls (SOC) 2 Type 1 audit. This independent attestation, performed by the nationally recognized CPA and cybersecurity firm, A-LIGN, affirms CurrentSCM's commitment to maintaining the highest standards of security, availability, processing integrity, confidentiality, and privacy for its clients' data.

The SOC 2 Type I audit is a comprehensive evaluation of a service organization's controls relevant to the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). Achieving this compliance demonstrates CurrentSCM's dedication to implementing and maintaining robust internal controls designed to protect customer information and ensure the reliable operation of its services.

"We are incredibly proud to announce the successful completion of our SOC 2 Type I audit," said Rizwan Hassan, Director of SaaS at CurrentSCM. "This achievement is a testament to our team's unwavering commitment to operational excellence and data protection. Thanks to the team for their work in proving our security and processes in this independent audit."

The rigorous audit process involved an in-depth review of CurrentSCM's policies, procedures, and infrastructure related to security, including access controls, change management, incident response, and data encryption. By demonstrating adherence to these strict criteria, CurrentSCM provides its clients with enhanced assurance regarding the security and integrity of their supply chain data.

This milestone further solidifies CurrentSCM's position as a trustworthy partner for businesses seeking secure and efficient supply chain solutions. The company remains committed to continuously improving its security posture and upholding the highest standards of data protection.

For more information about A-LIGN's SOC 2 audit services, please visit their website.

About CurrentSCM:

CurrentSCM, developed by Current Suite Ltd., a subsidiary of Vista Projects Limited, is an innovative software solution designed to streamline and optimize complex procurement and materials management for project-driven organizations. As the first of its kind, CurrentSCM provides a unified, collaborative platform that integrates end-to-end processes, including Materials Management and Vendor Document Requirements, into the order flow. The platform is dedicated to maximizing collaboration, enhancing efficiency, minimizing risk, and controlling costs for its global clientele.

CONTACT: Adam Singfield, Marketing Communications Manager
