.svg "Evolok logo (1)"){kind=small}
Whether you’re a mother of two, a university student, or an operating business, cyber security is more important than ever before. According to a survey conducted by 123 Reg consisting of 13,000 businesses, “only 10% of e-commerce websites have security to keep their customers data safe from hackers.” Carrying on with this, 2,600 out of the 13,000 businesses stated that they don’t actually know who provides or handles their online security, and a whopping 50% state “they are not prepared for an attack, and have no recovery plan if one took place”.
Considering the potential business-ending irreversible damage should a cyber-attack take place, such as the loss of vital information, customer’s details being stolen, or viruses, why is there such a lax approach taken by small businesses regarding cyber security?
If we take a second to look at real world examples; in the past two weeks, two major international organisations McDonald’s Canada and the IAAF have suffered from cyber-attacks. Cast your net back a few weeks before that, and Yahoo’s security defences were breached in mid-March.
Whilst you may look at things and think only smaller businesses will get targeted due to the less sophisticated security systems in place, the prize and the allure of compromising a larger multinational corporation is far more appealing for cyber criminals. Unfortunately, business stature does not make you immune to online theft.
With the colossal increase of data being exchanged online, attacks are becoming more and more frequent-an increase of 55% from 2015-, it’s even more imperative that businesses take the necessary steps to protect themselves and their consumers. And this is only going to increase due to the fact that there will be an estimated 50 billion objects connected to the Internet of things (IoT) by 2020 (courtesy of Cisco.) That’s a potential gateway of 30+ objects per household that hackers can find a way through, that will each have hoards of personal information on.
This blog will help outline what organisations can do in order to reduce the risk of being targeted.
Identity management
As an online business, you will most probably have an identity management (CIM) solution. CIM is the process of turning anonymous visits to your website into known users, by analysing their social channels, mobile applications and web data. This data is collected through mobiles, laptops, Wi-Fi hotspots, or Intelligent Personal Assistants (IPA's). This process creates a huge bank of personal information on the anonymous user that has the potential to fall into the wrong hands if compromised.
Whilst this is all fine and perfectly understandable, what’s happening with this data is not. A lot of companies will use more than one data store to log all their customer data, simply because they don’t have a single view of their users. It only takes one breach in one data store for all of the information to be compromised.
Assess your organisation
In order to understand and prepare for a potential cyber-attack on your digital property, you must first undertake an internal assessment on what’s potentially at risk, and if you’ve made suitable precautions. The National Cyber Security Alliance conducted research on 1,015 U.S. businesses, and their findings show “66% of small and medium businesses are not concerned about cyber breaches, whether they come internally or externally.” Furthermore, “87% do not have a formal written internet security policy for their employees.” This could enable current/ex-employees or contractors to steal vital data of the business itself or their customers.
What’s interesting is as social media is evolving every second, it’s becoming more common for cyber-criminals to conduct phishing attacks on these platforms. Furthermore, the research conducted shows that “70% of small and medium businesses do not have policies for employee social media use.”
Things that we consider when protecting data for a business:
- How sensitive is the information that’s being collected?
- How and where is this information being stored?
- How many people in the organisation have access to said information? Do they need to know?
- How is this data being looked after?
- What precautionary steps are you taking to secure your computers, network etc.?
- How is data encrypted and how are passwords protected?
What are businesses doing wrong?
As stated above, businesses are collecting masses of data on users, and some of these users don’t even know that it’s being collected. Organisations need to have a single view of their customer data and avoid spreading it across multiple third party systems. Cast the net narrow, and the propensity for a security breach is far lower.
Protect your customers
This is possibly the most important aspect from a business’ point of view when it comes to cyber security; the protection of personal information of your customers. It’s imperative that as business, you gain the trust of your customers, as this will enable them to feel confident about doing business with you online. Tell them why you’re collecting data, and for what purpose it’s being used.
It can be easy to overlook data security, however, when a breach impacts the brand value, other than the loss in revenue and the dwindling share price, you can’t put a price on it!
Contact Evolok for a further demonstration on the full range of our products.
