Another few months pass, and once again there's another data breach at a major company, this time Twitter falling victim to an "internal leak". As a result of the breach, 300 million Twitter users are being told to change their passwords. Far from ideal. Nevertheless, if you did a simple Google search on "data breaches", this week alone you'd find examples of multinational companies all suffering from some kind of breach or another, companies such as Uber, Wendy's and The Commonwealth Bank of Australia (CBA).
Whilst you may look at things and think only smaller businesses will get targeted due to the less sophisticated security systems in place, the prize and the allure of compromising a larger multinational corporation is far more appealing for cyber criminals. Unfortunately, business stature does not make you immune to online theft.
With the colossal increase in data being exchanged online, attacks are becoming more and more frequent (an increase of 55% from 2015), so it’s even more imperative that businesses take the necessary steps to protect themselves and their consumers. And this is only going to increase, because there will be an estimated 50 billion objects connected to the Internet of Things (IoT) by 2020 (courtesy of Cisco). That’s a potential gateway of 30+ objects per household that hackers can find a way through, each of which will hold hoards of personal information.
This blog will help outline what organisations can do in order to reduce the risk of being targeted.
As an online business, you will most probably have an identity management (CIM) solution. CIM is the process of turning anonymous visits to your website into known users, by analysing their social channels, mobile applications and web data. This data is collected through mobiles, laptops, Wi-Fi hotspots, or Intelligent Personal Assistants (IPAs). This process creates a huge bank of personal information on the anonymous user that has the potential to fall into the wrong hands if compromised.
Whilst this is all fine and perfectly understandable, what’s happening with this data is not. A lot of companies will use more than one data store to log all their customer data, simply because they don’t have a single view of their users. It only takes one breach in one data store for all of the information to be compromised.
Assess your organisation
In order to understand and prepare for a potential cyber-attack on your digital property, you must first undertake an internal assessment of what’s potentially at risk, and whether you’ve taken suitable precautions. The National Cyber Security Alliance conducted research on 1,015 U.S. businesses, and their findings show “66% of small and medium businesses are not concerned about cyber breaches, whether they come internally or externally.” Furthermore, “87% do not have a formal written internet security policy for their employees.” This could enable current or former employees or contractors to steal vital data belonging to the business itself or its customers.
What’s interesting is that, as social media evolves every second, it’s becoming more common for cyber-criminals to conduct phishing attacks on these platforms. Furthermore, the research conducted shows that “70% of small and medium businesses do not have policies for employee social media use.”
Things that we consider when protecting data for a business:
- How sensitive is the information that’s being collected?
- How and where is this information being stored?
- How many people in the organisation have access to said information? Do they need to know?
- How is this data being looked after?
- What precautionary steps are you taking to secure your computers, network etc.?
- How is data encrypted and how are passwords protected?
What are businesses doing wrong?
As stated above, businesses are collecting masses of data on users, and some of these users don’t even know that it’s being collected. Organisations need to have a single view of their customer data and avoid spreading it across multiple third-party systems. Cast the net narrow, and the propensity for a security breach is far lower.
Protect your customers
This is possibly the most important aspect of cyber security from a business’ point of view: the protection of your customers’ personal information. It’s imperative that, as a business, you gain the trust of your customers, as this will enable them to feel confident about doing business with you online. Tell them why you’re collecting data, and for what purpose it’s being used.
It can be easy to overlook data security. However, when a breach impacts the brand value, on top of the loss in revenue and the dwindling share price, you can’t put a price on it.
Contact Evolok for a demonstration on the full range of our products.