The threats of data theft and website infiltration are very real, and their consequences can be far-reaching.
Failing to protect sensitive customer data could leave businesses with hefty lawsuits on their hands, not to mention the huge negative publicity that often comes with such a security breach.
Netflix is one such company that has recently come under fire over its aggressive expansion and the myriad scams and hacked accounts that have come with it.
It’s true that the swathe of compromised accounts that Netflix has had to deal with is not entirely the company’s fault. Rather, it comes down to education as much as it does security – many of these compromised accounts result from phishing scams.
But there are measures which all businesses should take to ensure that their customer and client data stays secure.
Educate your clients and customers
Make sure your clients and customers know how you will communicate with them and in what situations.
For example, many banks explicitly tell their customers that they will never ask for certain types of account information or PINs over email or the telephone. This is a simple measure and is free to implement. Once customers know that the bank will never request this information, they know that any email or call asking for it is malicious, even if it seems entirely legitimate and convincing.
This scam can happen to anyone, whether they are internal employees or customers of a company. Snapchat, according to Sky News, recently fell victim to a mass phishing attack in which the details of 700 members of staff were compromised.
A good way to get this information out into the open is to host guides on your website and to direct all new customers towards them. The important thing is to make sure all customers are aware of how you will be interacting with them.
Implement enhanced digital security measures
Businesses need to be as resistant to attacks as possible. This includes websites, as well as any computers and data servers.
One way in which digital applications are protected is through the use of a reliable web application firewall (WAF). A WAF, much like traditional firewalls that are installed on most personal computing devices and routers, keeps out bad or malicious traffic and restricts which ports can be accessed and by which applications. When looking for a WAF, it’s vital to ensure it meets PCI compliance standards for maximum security.
In fact, meeting PCI standards is essential for handling transactions online – it is a basic requirement put in place to protect businesses and consumers.
New security flaws are regularly discovered, including a recent glibc defect. This bug was originally discovered back in 2008, which shows just how important it is to update any vulnerable systems at first notice.
It’s also wise to keep secure backups of data in ‘cold storage’ – that is, to keep the data saved offline, rather than relying solely on the cloud. Also, remember to regularly update any passwords used to access your cloud services. There are many other steps you can take to make your backups even more secure, as outlined by security specialist Kevin Beaver, which include storing backup media in fireproof vessels and restricting who has physical access to backup data.
Auto-expiring passwords, which are reset after a set period of time, are also good practice. This eliminates the possibility of any former employees or stakeholders being able to access your data in the future – especially if you forget to deactivate or restrict their account permissions.
In a bid to make its banking app more secure, HSBC is rolling out biometric security measures, including fingerprint and voice recognition, which eliminate the need for passwords altogether.
These measures are the absolute bare minimum that digital businesses could be doing. Of course, there are more robust systems that could be implemented, but the methods outlined above give a nice balance of cost to security.
As shown, security is a two-way street. Businesses must keep their clients’ data safe, but they should also be managing how a client or customer uses and distributes their own data.