Hack Attack

November 2015

Hack Attack: 5 Lessons on Data Security We Learned from the TalkTalk Leak

Unless you’ve been hiding under a rock for the last few weeks, it is nigh on impossible to have missed word about the TalkTalk attack – or the subsequent Marks & Spencer website glitch, or Vodafone’s own data loss. With huge firms being taken to task by customers for not keeping their data safe, now is the perfect time for smaller companies to learn some valuable lessons. So settle down, because class is in session!

 

1. Encryption is Key…

Out of the TalkTalk attack came many a bashful admission from their CEO, but perhaps the most embarrassing of all was that she simply ‘didn’t know’ if customer data was encrypted or not. Unencrypted data pretty much guarantees that confidential information is ready for dispersal the moment it’s taken; for hackers, it’s a get rich quick scheme based on selling said data to scammers. Encryption should be commonplace when storing confidential information such as credit card and contact details – and make sure you know whether it’s encrypted or not!

 

2. …But Encryption isn’t Always Enough

Unfortunately, if it was that easy to protect data, we wouldn’t have so many privacy scandals hitting the headlines and this article would be over already. As Marks & Spencer found out when a website glitch allowed customers to view each other’s data last week, encryption isn’t always enough. Having other security measures in place, such as keeping matching data separate and payment details partial, is sure to lessen the headache of a leak.

 

3. Always Be Prepared

You may have noticed TalkTalk spreading information across social media and the internet in general over the last week or so, in reaction to the attack. This is a positive sign, because the speed involved demonstrates that TalkTalk must have had a disaster recovery plan in place – one which included 12 months’ free credit monitoring from a third party. You may never need it, but having such a plan in place can help you to save face with customers and aids in a quick bounce back for the company.

 

4. Warn Customers of the Threats

The first thing that comes to mind when hearing that your payment details have been taken is credit card fraud. For TalkTalk customers, this was a minor issue overall, as credit card information was only partial in an effort to keep payment details safe. Unfortunately, the contact details kept on file have allowed scammers to contact customers while posing as representatives of TalkTalk, leading them through software registrations and other hoops that end up with genuine payment information being surrendered. As part of your disaster recovery plan, be sure to include a list of possible threats and be honest with your customers – honesty will always work in your favour when rebuilding trust.

 

5. A Lot of Trust is Involved

Although learning how to protect data is a great step towards protecting customers and helping to keep their confidence, it is essential to remember one thing from all of these data leaks: customers are trusting you with very sensitive, very private information and you have a duty of care towards that data – which means doing everything you can to keep it safe. Don’t let the size of your company or the industry you belong to make you think that there are corners to be cut with customer privacy – because one mistake can ruin a business overnight, and trust is a hard thing to win back!

 

Now for your homework: get in touch to find out how Lunar’s bespoke CRM solutions can keep your customers’ data (and trust) secure. Class dismissed!