Staying ahead of the hackers: how companies can protect their customer data

In light of the recent scandals at a number of organisations, Natasha Cowan asks how companies can prevent their systems from being hacked.

Cyber attacks may sound like the plot of a Hollywood movie, but recent events show just how dangerous faults in internet security can be.

Recently, Bluebox Broadband users were left devastated after a cyber security hack led to the details of 3,000 customers, or potential customers, being published online.

The hack is just one of a stream of attacks that have occurred in the last month, causing consumer trust in companies storing personal data to slip by 6%, according to a survey conducted by Deloitte. This is worrying: if faith dissipates in the technology organisations whose function is to maintain data, then those companies’ very existence will be in doubt.

The companies recently targeted by hackers range from internet giant TalkTalk to toy manufacturer VTech, which had its app store database, Learning Lodge, hacked on November 14.

Hackers have proved they can wreck the reputation of a company with the click of a button, highlighting cyber security as one of the evolving risks for businesses and their stakeholders.

With the ever-developing digital world comes more complex methods of hacking into customer databases. But one realisation from the TalkTalk scandal is that simple measures can be put in place to protect customers and make sure organisations stay ahead of these risks.

TalkTalk had failed to encrypt its customer data. Encryption is one of the most important, and it has to be said most basic, measures for preventing hackers from stealing the bank details and personal information of millions of clients. By disregarding customer safety, the company lost the public’s faith and stakeholder value plummeted.

As one of TalkTalk’s thousands of customers I saw this first hand. Not only did TalkTalk fail to alert the UK’s data protection watchdog when the attack first happened, but one week after the attack I still couldn’t access my account details to change my password, and I received little information on whether my details were at risk. This was very poor.

One company proving the importance of tightened internet security is Crunch Accounting, the online accountancy firm for freelancers, contractors and small businesses. It brought together its quality assurance team, developers and design team to create its new website. It also employed a system administrator – one able to think like a hacker – to help check the site.

By starting again with the latest technology, they were able to fill any gaps in security and build the site efficiently, helping them to meet the majority of their stakeholders’ needs.

When customers leave their data with a company the data becomes that company’s responsibility. It’s crucial to have a plan in place, fed down through good governance, to protect stakeholders from the pains and confusion of a hack.

The role of the quality professional is to protect reputation, facilitate continuous improvement and lay the foundations for good governance. Keeping stakeholders safe is vital. Companies could take heed by putting these ideas at the core of their management and risk operations.

Natasha Cowan is Content Creator at the CQI and writes for Quality World magazine.

2 thoughts on “Staying ahead of the hackers: how companies can protect their customer data”

  1. Ian Dalling

    A one-stop approach that uses joined-up management thinking is MSS 1000:2014. It can be downloaded for free via http://www.thecqi.org/Community/Special-Interest-Groups-SIGs/Integrated-Management-Group/Research-and-reports/. While there are simple measures that can be put in place to reduce the risks associated with a cyber attack, this does not go far enough, and organisations must address the complete picture of how the organisation is managing data in terms of prospect and risk to achieve its optimal management. Even asking fundamental questions such as “why are we connecting this to the internet?” is really important. This is about the prospect/risk balance, which is at the heart of MSS 1000:2014 and modern effective management.

  2. Steve Watkins

    Embracing the requirements of the Information Security Management System (ISMS) specification ISO/IEC 27001:2013 can help massively. It does not guarantee information security (nothing can); however, an ISO 27001-based ISMS does require the organisation to align its information security risk appetite with those of its stakeholders and to align its security stance with that – in the UK this can often mean embracing the government’s Cyber Essentials scheme as well. Along with the benefits of an ‘Annex SL’-based management system standard, the ISO 27001 accredited certification scheme provides one mechanism to start providing the cyber-security assurance many are seeking.
