By Tanmaya Varma, Global Head of Industry Solutions, SugarCRM
2016 was another year for high-profile data hacking scandals hitting the headlines, with Tesco Bank just one example of an organisation suffering at the hands of fraudsters. When you combine this with the annual Crime Survey of England and Wales (CSEW), which revealed that online fraud now accounts for nearly 50 per cent of UK crime, it seems only right that there’s a global day in place to raise awareness of data protection issues. On the 28th January, 50 countries observed Data Privacy Day, an occasion set up in 2007 to raise awareness and promote privacy and data protection best practices. So what’s at stake to businesses when it comes to data hacking, particularly financial institutions which hold a huge amount of sensitive customer information and are bound by numerous regulations? And how can customer management technology help fend off the fraudsters?
Make data security a business priority
Every business that obtains, stores and manages customer data has a responsibility to keep it safe. There are serious repercussions at stake for those which fall prey to hacking, not least: losing customers, a damaged reputation and fines levied for regulatory violations (if they are found to have been negligent). A lost reputation not only impacts an existing customer base but a potential one, too – in its survey of 3,000 IT executives, Cisco’s 2017 Annual Cybersecurity Report found that 23 percent of businesses said they lost business opportunities because of a hack or a breach.
It’s therefore vital for data security to be treated as a business issue, as opposed to just an IT problem. For those businesses that employ Customer Relationship Management (CRM) technology to manage their customer data, it is the responsibility of the providers to deploy a robust, secure infrastructure which protects businesses and their customers from data breaches.
Choose the safest storage option for your business
The rapid evolution and adoption of storage in the cloud has undoubtedly played a role in the increasing number of breaches in recent years as data has become increasingly digitised. Unfortunately, today’s fraudsters are sophisticated and able to infiltrate complex data security networks; Cisco’s report revealed a 34 percent year-over-year increase in server-related vulnerabilities in 2016.
This means customer-facing businesses should consider what data is stored in proprietary cloud-based systems. One of the main concerns for organisations is that information stored in the public cloud is beyond their control. Imagine investing in the best security tools and having the most sophisticated authentication protocols, but still being at the mercy of your cloud vendor’s security mechanisms for managing your most precious asset: your customer data. Your top-notch information security team has no visibility into those security controls, and you have no way to move to another CRM cloud vendor if those security mechanisms are challenged or, worse, fail. It’s not a comfortable feeling.
At SugarCRM, we’ve met this challenge head-on and by partnering with IBM Cloud, our technology can be deployed across bare metal cloud servers, dedicated off-premise clouds or private cloud environments behind the firewall, all of which provide a level of security far beyond what’s available via public alternatives.
Legislation leading the way to protect customer data
The need for protecting customer data has long been recognised in official legislation, and there are stricter rules on the way in the UK. The 1998 UK Data Protection Act was put in place to provide clear legislation on the way in which businesses can obtain customer data, the kind of information they are allowed to hold and how they can use it. In 2018, the introduction of the General Data Protection Regulation (GDPR) will bring in new rules on how businesses manage customer data.
The GDPR will introduce stricter requirements around when brands and businesses can use data. This means businesses will need to be clearer about the information they are requesting from customers and how they will use it. The traditionally opaque, lengthy terms and conditions will no longer be an option – they will need to provide transparency at all stages during the collection of customer data to ensure consent is given unambiguously.
Hacking incidents are already being taken extremely seriously; in October last year, TalkTalk was fined a record £400,000 for failing to prevent an attacker accessing the personal data of 156,959 customers. The GDPR is set to introduce even stricter penalties to businesses that breach the new legislation, with the maximum fine increasing from £500,000 to €20m or 4 per cent of global turnover for the most serious incidents.
Cybercrime is now an unavoidable part of the digital world we live in. My advice to all organisations when it comes to deciding how and where to store their customer data is they should have the freedom to implement the systems and architectures that best address their needs for security, compliance and data integration – or risk facing some serious consequences.