In the wake of the TalkTalk cyber-attack and the Marks and Spencer website glitch, IT managed services specialist Quiss Technology says more needs to be done to educate organisations on the potential for, and likely consequences of, security breaches, both deliberate and accidental.
Operations Director, Clive Taylor, said: “Any leak of personal data carries a number of risks to both the company and the customer. Identity theft and phishing scams are two of the most common with fraudsters stealing, on average, tens of millions of pounds each year.
“The same UK law that protects consumers also requires organisations that handle their data to have appropriate security measures in place to safeguard personal details. This tends to mean the security installed by companies is more closely related to the value placed in the data they are keeping than to the consequence of any expected attack.
“If a company considers the data it is holding is not particularly sensitive or valuable it will usually operate with a lower level of security but this could mean the firm is more vulnerable to an attack.”
And as Taylor is keen to explain, all personal data, no matter how small or insignificant it may seem, has huge value in the wrong hands.
“You may not think your site has anything worth being hacked for, but most website security breaches are to steal data because this opens up an enormous number of opportunities for the criminals.
“Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit website security issues. There are now reports that criminals are trading data stolen in this way, ironically using the internet to make contacts, which demonstrates the value of personal information in the wrong hands.”
There are steps organisations can take to stop themselves and their customers falling victim to this type of crime. Some of the simplest steps include:
- Conduct a security audit: Audit your entire IT infrastructure – computers, network and mobile devices – to determine what you need to do to stop hackers accessing your network.
- Encrypt your data: If someone accesses the data they won’t be able to read it.
- Back-up: Ensure data is properly backed-up and test the back-up to ensure information can be recovered efficiently.
- Use multiple and strong passwords: Make passwords too complicated for others to guess. Don’t write them down; commit them to memory.
- Implement a multiple security technology solution: It is critical to have multiple layers of security technology on all devices. This can help block attacks on your network and alert you to attempts.
- Security policies: Have clear policies in place to ensure everyone does their bit to protect data.
- Make staff aware of their role: Staff are your front line of defence so ensure employees are vigilant and the potential for ‘human error’ is minimised.
- Protect your mobile workforce: Some staff will work away from the office and conduct business using open ‘customer networks.’ Make sure their mobile technology is as secure as possible.
Taylor concludes: “There is little chance of this problem solving itself. It requires proactive action from organisations that recognise the value of the data they hold and the damage losing it can cause to the organisation both in terms of cost and brand damage.”