by Ian Butler, Head of EU Security Products at Elavon
Cyber criminals are increasingly making a business owner’s life difficult when it comes to data security. Breaches of business systems (both those well documented like Dixons Carphone) and smaller breaches are compromising customer data and this is a growing issue. A recent poll from Thales research puts it into perspective: UK businesses increased IT security spend in 2017 by 63% – a marked jump from 2016. Yet despite this increase in IT security spend, more than two in five UK businesses (43%) were breached last year. Statistics such as these have seen the EU stand up and take notice of the issue. The result is the General Data Protection Regulation (GDPR) being introduced and enforced from 25th May this year to strengthen data protection for businesses and ensure customer information is kept in the right hands. However, it’s an ongoing battle when educating business on how to manage data – and protect it – from criminals.
I want to share three very simple, yet effective tips to help business owners layer defenses and ensure that their customer data is safe:
- Encryption: make things illegible for criminals – How can a cyber-criminal steal something if they do not know exactly what they are stealing? If you convert your data in such a way as to make it unreadable for criminals (but accessible to those who possess special knowledge and can change the data back to a readable and original form when needed), then businesses are better protected against cyber-criminals. Encrypting all your payment transactions for example, is a great way to keep payment data safe.
- Passwords: choose a strong one and keep it safe – Think of a cyber-criminal like a burglar, breaking into your family home. If there were numerous locks or various combinations to guess before entering, then the criminal will probably move on to the next target. The same principle can be applied with passwords to electronic devices, databases and documents. It might seem obvious, but it’s important to create a strong one so that cyber criminals will struggle to access accounts and ensure they will lose interest and move onto other potential victims after numerous failed attempts. Some ways to create a strong password could be to:
- Longer is more important than using a complex combination of characters, but both is best
- Consider using a password manager
- Training: employees needs to be suspicious – Whether it’s an e-mail with peculiar attachments from an unknown source or sales/marketing e-mail from businesses requesting that you download apps, employees need to tread with caution. Business owners need make sure that and their staff are aware of the dangers from attachments. They will find lots of good training material online. It only takes one download to disrupt a business IT system/server or give a cyber-criminal access to your customer data. Therefore, adopting the ‘better safe than sorry’ approach and spreading that mantra across your entire business will ensure your colleagues act as barriers to better safeguard your business against cyber-attacks.
There are also various products and services which can help a business become more automated to protect itself from cyber-attacks. Some might come at a cost, but it can allow a business owner (especially if a micro or SME) know all is in hand whilst he or she concentrates on other areas of the business which effect the bottom line. Furthermore, businesses should have incident response plans in place to ensure that the aftermath of a breach, should it happen, is dealt with efficiently and that the right stakeholders (both internal and external) are aware of the immediate next steps which should be taken.
All of these approaches attempt to mitigate and reduce the negative impact which a data breach could bring. With GDPR coming into force soon, businesses should use this milestone as a call to action to upgrade how their data is stored and kept safe. Sharing case studies of those businesses which have already received data breaches will show the damaging results and build an argument as to why data security should be taken seriously across the whole company, to ultimately protect the business and its customers.