The case of FTC v. Wyndham Worldwide Corp. is a good case study for what not to do in the rapidly changing world of data security. We will share some thoughts about the case in an upcoming blog. But for now, I want to quickly address one allegation from the case because it serves to highlight a point made in an earlier MFT Nation blog post. In that blog, we suggested that it is generally wise economically to make timely and regular investments in software upgrades, rather than face costly expenditures and downtime when your old software eventually malfunctions. We pointed to a Senate report entitled The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure, in which the author explains why such an approach is wise especially when it comes to data security:
While cyber intrusions into protected systems are typically the result of sophisticated hacking, they often exploit mundane weaknesses, particularly out-of-date software. Even though they sound boring, failing to install software patches or update programs to their latest version create entry points for spies, hackers and other malicious actors.
This very thing happened in the Wyndham case. After hackers gained access to Wyndham’s networks and compromised more than a half-million credit card numbers, the government sued claiming Wyndham’s system had several “security insufficiencies,” including the fact that its “property management system server was using an operating system that its vendor had stopped supporting, including providing security updates and patch distribution, more than three years prior to the intrusion.” To make things worse, Wyndham allegedly was “aware [it] was using this unsupported and insecure server, yet continued to allow it to connect to [its] computer network.”
Wyndham has paid, and will continue paying for knowingly using “unsupported and insecure” software. Don’t follow in Wyndham’s footsteps. Review your software portfolio regularly and identify all out-of-date instances. Once identified, we recommend “investing” in an upgrade to the latest version. Even if you have to pay for the updated software, do it. The investment will pay off in the long run.
If you want to discuss an upgrade of your bTrade secure/managed file transfer software, or are considering alternatives to your existing data security software, please contact our experts at firstname.lastname@example.org. They will be able to answer all your upgrade questions, and provide assistance to ensure that your organization has no “security insufficiencies.”