Last year the media was full of stories of high-profile data breaches – but what does it mean for you and your business?
A series of high-profile data breaches at companies such as TalkTalk, Sony and M&S should be a massive wake-up call for any company that holds sensitive customer data and has not taken the relevant precautions. A data breach can have a massive impact on an organisation in terms of damaged reputation, vanishing customers and financial losses.
As Tom Gilruth, MD of Topwood, who specialise in secure document and data management, points out:
“No organisation is immune to the risks of a data breach. All it takes is an unwitting employee to open the wrong email attachment, plug in the wrong USB stick or to take documents out of the office to work from home, and data could instantly be exposed.”
Unfortunately, the threat of a cyber attack is increasing all the time, with hackers finding ever more sophisticated ways to breach corporate defences and gain access to customer names, email addresses and even bank details. Many of the companies that fall victim to data breaches do not survive. In the short term the biggest impact is financial – either the result of fines and penalties (for example those imposed by the ICO) or loss of custom. The biggest long-term impact is almost always to reputation, and that can be terminal.
Data protection should be at the top of the corporate agenda but research shows few companies have meaningful data protection programmes in place.
Defence technology can absorb huge amounts of resources; however, one of the most effective defences is ‘threat modelling’. This assesses business data from a hacker’s point of view, looking at what might be worth stealing, and identifies any weak spots that need plugging to improve security. Improving employee awareness can also reduce the risks of data breaches. This is low-cost protection and includes adding data protection to manuals and employment agreements, staff training and company policies regarding the use of sensitive information.
The General Data Protection Regulation (GDPR), due to come into effect, will mean that companies have to be more vigilant than ever about how they store their data. Another significant threat to a company’s data security comes from employees freely sharing login information for social media – this makes it very easy for disgruntled ex-employees to cause extreme harm to a company’s reputation on social media.
To protect against this, companies should enforce strict password guidelines and reset passwords routinely. When employees depart a company, all passwords and email addresses linked to its social media accounts should be updated. Yet companies continue to leave themselves and their data exposed.
Admitting that stolen customer data may not have been stored in an encrypted form is a further illustration that there are security shortfalls. Even if encrypting customer data isn’t mandatory, companies that are serious about security do it as an automatic data protection consideration.