How safe is the data you hold on your customers?
Most businesses claim that they have adequate security measures employed, but who can say with any degree of confidence that their systems are watertight? If you need any reminder how about the breaches suffered by big names such as Sports Direct, Three Mobile, Talk Talk and Tesco Bank over the last 18 months.
As business embraces more elements of technology, questions remain on whether security is being given the importance it deserves. In a rapidly evolving digital world, the need for robust security compliance and regulation is unquestionable.
Technology has brought a more convenient and connected life-style, but also accompanying challenges which make the role of information security in our everyday lives more important than ever.
Equally, online services are not just assisting with our duties at work, but also managing our everyday lives, which involves everything from personal documents, social networks and payments, to education and health services. All are provided and managed by platforms and applications that we access and use but, by their very nature, are susceptible to the perils of hacking and malware. From a single name to a voluminous database, the obligation to store data safely is firmly placed on those who hold it.
We caught up with security specialists Comsec, market leaders in providing all-inclusive cyber and information security services to clients around the globe. Their MD, Nadav Shatz was able to provide us with a better insight on the challenges facing both the consumer and business.
“Our mission is to serve our clients as trusted advisors by securing their information and operational assets. We understand our role in helping businesses to achieve their strategic goals and to enable business growth.
“In our experience, not enough people take security seriously and consequently not only put their customers’ data at risk but also the integrity of their brand. The expertise gained by our professionals during their service in elite cyber intelligence units, combined with our deep industry knowledge, helps inform us of the perils of ignorance and provides us with a unique edge in delivering value-added services to our clients.”
To meet the need for security in the market, the Comsec Group was founded in 1987, and grew over the next 30 years to become a pioneering market leader in the cyber and information security services to clients worldwide. With offices in London, Amsterdam and an Excellence Centre in Tel Aviv, Comsec supports pan-European and global corporations.
“There are several key initiatives that businesses need to consider and these are generally the same regardless of the sector,” said Shatz.
Regulation and data security standards – with the improvement of usability and better user experience comes the obligation on service providers to safely store and process our information.
As companies, governing bodies and organisations are struggling to protect their data (often including customers’ data) many industries have also developed their own sets of security standards, aimed at creating a baseline for security processes and controls to provide as guidelines for companies in the industries.
PCI DSS– The PCI DSS (Payment Card Industry Data security standard) is a perfect example of an organised effort to provide global guidelines for protecting credit card information. More than 10 years ago, following a sharp increase in cyber security incidents involving payment cards which compromised millions of card holder consumers, the five big payment schemes decided to enforce an information security framework on all entities handling payment cards, in order to reduce the risk and damages of card data theft.
Reports still show that cardholder data is the most often stolen of all data types (health, financial, etc.), however organisations are much better equipped to defend against such attacks and protect their customers’ information.
Privacy – The EU is now implementing a new personal data protection regulation under its own privacy programme, resulting in the General Data Protection Regulation (GDPR). The GDPR’s primary goal is to protect private information wherever it is stored, processed and sent, and limit its usage to the minimum necessary for the organisation using it. This regulation is mandatory for all businesses and comes into force in the UK in 2018.
“It is not enough to assume the data you hold is safe,” said Shatz. “You must ensure adequate measures are in place to protect that data. It’s not just industry fines that you need to consider – even though they can hit you hard and cripple smaller businesses – but also the damage a breach can do to your brand. Recovering from a hefty fine is a lot easier than restoring your customers’ confidence.”
For more information around any of the issues listed above visit the Comsec website here.