BA First Major Company to Suffer Breach Post GDPR – our head of Operations Rob Longden shares his thoughts
Whilst data breaches have been a regular fixture in the news agenda over the last few years, the recent press announcement from BA concerning data theft makes this arguably the first major breach in the post-GDPR world.
Companies that now find themselves embroiled in data breaches need to act with far greater speed and decisiveness. The new rules place an important emphasis on informing people whose data may be compromised as quickly as possible. In this particular case, BA has risen to the challenge.
Whilst the technical details of exactly what has happened are still unfolding, the incident brings to the forefront how organisations of any size must ensure they have the best possible protection available. The Office for National Statistics has recently reported a 63% increase in UK business cybercrime towards the end of 2017. This is big news, and business owners know that you can never be too diligent in creating a resilient business framework. Massive volumes of information now exist in the digital realm; this information needs to be protected and, if infiltrated, restored quickly and efficiently.
Reacting to this huge rise in cybercrime over the last couple of years and the current industry focus on security, here at CT we have launched a suite of Managed IT Security services to give customers peace of mind when connecting and operating via the internet and the cloud. Whilst every organisation’s demands and required levels of protection will vary, you must ensure you have what we would call the ‘standard security checks’ in place.
The list below is by no means definitive, but it will help you gauge the level of protection your organisation has in place. We do not want to scaremonger, but we do want to ensure that businesses, whatever their size, don’t suffer a similar fallout to BA.
Ensure all customer data is stored in an encrypted way.
Implement multiple levels of complex passwords to access any database storing customer information, and change these passwords frequently.
Regularly run background checks on employees handling customer data.
Ensure malware detection software is running on both your servers (hosted or not) and workstations, and ensure that your firewalls are up and secure.
Review and implement regular network security health checks.
Educate employees about cybersecurity.
Ensure you have a Disaster Recovery or Business Continuity plan in place with the relevant controls and documentation.
If you have any concerns, or if you would like to find out more about our IT Managed Security services, get in touch with one of CT’s data security experts.
7 September, 2018